Firewall Wizards mailing list archives

Re: HTML multipart/report

From: Olivier CALEFF <caleff () apogee-com fr>
Date: Fri, 12 Jun 1998 09:13:33 +0200

At 14:03 10/06/98 -0400, James Croall wrote:
>At 12:42 PM 6/10/98 +0100, you wrote:
>>Gauntlet blocks multipart data coming through the http proxy. Anyone know
>>of current problems with this type of data?
>
>Don't quote me on this, but I think that dates back to a problem with Netscape
>Navigator. A while back the Netscape "file upload bug" got quite a bit of
>press,
>which allowed a malicious web site to steal files from user's workstations.
>That
>option allowed the firewall administrator to protect everybody with one
>setting.

You are right, it dates back to June 1997, http-gw patch level 17 at that time. At that time, the README said :

Adds support for "deny-feature multipart-form" to block multipart/form-data. Supports blocking of file upload due to Netscape bug.

--
+------------------------------------------------------------------------+
| Olivier CALEFF, Chief Technical Officer |
| APOGEE Communications, Parc Club Orsay Universite, 91893 Orsay, FRANCE |
| mailto:caleff () apogee-com fr http://www.apogee-com.fr |
| phone: +33.1.69852728 == fax: +33.1.69855763 == mobile: +33.6.08741864 |
+------------------------------------------------------------------------+
|Network/Systems Management| Security|Consultancy |Call Centers| Training|
+------------------------------------------------------------------------+

Current thread:

HTML multipart/report Dave Roberts (Jun 10)
- Re: HTML multipart/report John Labovitz (Jun 11)
- <Possible follow-ups>
- Re: HTML multipart/report James Croall (Jun 11)
- Re: HTML multipart/report Olivier CALEFF (Jun 12)