Re: Java/Netscape security holes: hole du jour and summary

• To: loverso@osf.org
• Subject: Re: Java/Netscape security holes: hole du jour and summary
• From: Larry Masinter <masinter@parc.xerox.com>
• Date: Wed, 1 May 1996 21:12:49 PDT
• CC: riddle@is.rice.edu, www-security@ns2.rutgers.edu
• Fake-Sender: masinter@parc.xerox.com
• In-reply-to: John Robert LoVerso's message of Wed, 1 May 1996 12:52:23 -0700 <199605011952.PAA02274@postman.osf.org>

As one of the authors of the file upload specification, I'm curious
about what the nature of "the abuse of HTTP file upload to steal
files" might have been, since this the first I've heard of it. We
worked to make sure the "Security Considerations" section of the draft
covered the ways that we thought it might be abused.

As this experimental RFC is likely to become part of some standard at
some point, it would be good to clarify the issue in any revision.

Could you please send a pointer or expand here?

- Larry

• Re: Java/Netscape security holes: hole du jour and summary
• From: John Robert LoVerso <loverso@osf.org>

• Previous: Looking for specialized company in simulating attacks
• Next: Re: chroot-ed httpd
• Index(es):
  • Index
  • Thread