>The closest to this I've heard of is also a potential problem with >some Web Browsers. > >If you can invoke a sufficiently sophisticated postscript interpreter >with an email message or a web graphic, you can embed code to do >unintended things, since PostScript is a full language. Ghostscript has an option to tell it not to allow access to any external files, I believe. On the same note, has anyone had a close look at 'HotJava' yet from a security standpoint? This is yet another Web browser (from Sun). The main difference is that it can allow code to be downloaded and executed locally. It's currently only available on Solaris 2.[34] for sparc, but MacOS and W-latter-half-of-decade ports are underway. There's a security doc available under the home page <URL:http://java.sun.com/> that suggests some thought has been paid to security, but it sounds like thin ice to me. [I know this isn't strictly discussion of a bug, but surely it's relevant enough for discussion here?] Rob