[Previous] [Next] [Index]
[Thread]
Re: CERN httpd proxy vs. SOCKS
On Sun, 6 Nov 1994 hallam@cayenne.lcs.mit.edu wrote:
> On the specific question of SOCKs vs a proxy I much prefer the proxy
> approach, or rather I like to see one in there even if it is Socksified
> into the bargain. There are a number of issues where a proxy is really
> needed. Socks can at best only protect you from attacks from unwellcome
> hosts. It cannot provide protection against receving contaminated data
> from a trusted host. Several Web document formats are programming
> languages in their own right, postscript being an example. One of the
> most regular `discoveries' by Web hackers is that `you can download and
> execute shell scripts with one easy modification to the mailcap file'.
> One role that a security proxy can play is to filter out such potentially
> dangerous document types - or alternatively provide some sort of fallback
> security mechanism such as enforcing their display only via a trusted
> channel.
>
I'm writing a paper o WWW security, and I have the following questions:
1. Can you give me an example of a 'mailcap'-based attack?. Or where can I
find more to read on the subject.
2. Do any of the existing HTTP proxies actually filter the content received
from a trusted host? It seems that if this is not the case, firewalls are
do not really enhance HTTP security because the most dangerous threats
seem to occur at the application level.
====================================================
Bich C. Le (also known as Tchiu)
Graduate Group in Computer Science
University of California at Davis
eMail: leb@cs.ucdavis.edu
====================================================
References: