Re: Proxy bypass in Opera : security related ?

[Valdis.Kletnieks () vt edu]

On Wed, 05 Dec 2001 10:22:45 +0100, Nicolas Gregoire <ngregoire () exaprobe com>  said:

> I haven't any really interesting scenario for this bug.
> Yes, it's possible to make a user follow a link and get a page without using the configured proxy, but if,
> in a company, there's a proxy and a way to fetch web pages without using the proxy, the problem is,
> in my opinion, a security policy problem ....
>
>
> Does anybody see any security implication for this bug ? 

Yes, that's a problem.  A malicious webpage can force you to not use
(for example) a Junkbuster proxy that you're using to filter your requests.

So a malicious page can do things that *should* have been filtered out
by your proxy - and that's a security implication.

-- 
                                Valdis Kletnieks
                                Operating Systems Analyst
                                Virginia Tech

Attachment: _bin
Description: