Lo and behold, Lee Silverman once said:

> For example, if someone gave you a cgi-bin script and asked you to tell
> them if it was going to cause any security holes, what would you look for?

I would also look to interaction with unknown - complex - programs. This may sound too unspecific, but I would be skeptical about large things like database engines, or untested things like a new fancy "do-x-and-our-web-site-will-be-famous" thing. These are usually either too large and complex to control even if you are determined, or untested prototypes with lots of bugs in them.

I would also like to pin-point another category of suspicious programs - viewers of any kind. These are almost never written with security in mind, since the author is usually only interested in depicting the data in as nice a way as possible. The input data is always considered "friendly input". (This is of course different when we talk about highly networked viewers like the web ones.)

(The newest versions of xv (3.10, I believe) actually execute postscript files without the -SAFER switch. So by sending a postscript file from a web-server but specifying it as an image/tiff or whatever, you are actually able to do nasty things.)

Also, don't entirely discount the risk of "contamination" based on more passive methods like being able to place a certain file in a certain place that will trigger something later on based on the user's actions separate from the Web thing. Like being able to put some strange dot files somewhere, changing some defaults. Something under .hotjava/execute-me-automatically :-))

/Christian
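
The mislabeled-PostScript case above, as an added example that is not part of the original message: a check that compares the declared Content-Type with the file's leading magic bytes before any helper viewer is launched. The function names, the policy and the sample byte strings are constructed for illustration; the signatures are the standard file magics.

```python
from typing import Optional, Tuple

# Leading magic bytes for the types this (hypothetical) dispatcher knows about.
MAGIC = {
    "image/tiff": (b"II*\x00", b"MM\x00*"),
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "application/postscript": (b"%!",),
}

# Interpreted formats: never auto-launch a viewer for these, whatever the label.
ACTIVE_TYPES = {"application/postscript"}


def sniff(data: bytes) -> Optional[str]:
    """Return the MIME type whose magic matches the start of data, else None."""
    # PostScript is often preceded by ^D or whitespace, so be lenient for it only.
    stripped = data.lstrip(b"\x04 \t\r\n")
    for mime, sigs in MAGIC.items():
        candidate = stripped if mime in ACTIVE_TYPES else data
        if any(candidate.startswith(s) for s in sigs):
            return mime
    return None


def safe_to_view(declared: str, data: bytes) -> Tuple[bool, str]:
    """Decide whether a download may be handed to a helper viewer."""
    declared = declared.split(";", 1)[0].strip().lower()
    actual = sniff(data)
    if actual in ACTIVE_TYPES:
        return False, f"content is {actual}; do not auto-launch a viewer for it"
    if declared not in MAGIC:
        return False, f"no viewer policy for declared type {declared!r}"
    if actual != declared:
        return False, f"declared {declared} but content looks like {actual}"
    return True, "declared type matches content"


if __name__ == "__main__":
    samples = [  # constructed inputs
        ("image/tiff", b"II*\x00\x08\x00\x00\x00"),
        ("image/tiff", b"%!PS-Adobe-3.0\n% constructed sample\nshowpage\n"),
        ("image/png", b"GIF89a\x01\x00\x01\x00"),
    ]
    for declared, body in samples:
        print(declared, safe_to_view(declared, body))
```
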