On Thu, Aug 06, 1998 at 01:53:25AM -0700, Paul Leach wrote: > As a result, I just didn't care about the precise problem reported, and was > commenting on the problem of "bad" web pages in general. If we started > examining web pages to analyze them and catch "bad" ones before we executed > them, it is indeed true we could catch many bad ones. However, every one we > don't catch would be a "YET ANOTHER MAJOR MS SECURITY HOLE", and the theory > tells us we can't catch all of them. So, we're just not going to start down > that path. If a site has pages that cause your browser to restart, don't go > there again; set your Zones to stop you if you really want. No serious site > has any interest in allowing such pages to exist on its site, and about all > you lose when the browser restarts is the history list, since it's about as > stateless as you can get in an app (except for its config data, which isn't > lost anyway). It's nice to see that Microsoft has such a positive attitude to security. If a site crashes your browser, don't go there again! Is that anything like "If a program crashes windows, don't run it!"? There was a very reasonable message on bugtraq just a few hours ago, that explained it clearly enough: webpage contents need to be treated as _non-trusted_ user input. Web pages MUST be assumed to be hostile, because you have no control over who wrote them and what their intentions were. The whole point of the WWW is that anyone (not just "trusted" sites, that can't really be trusted anyway - big established sites have been hacked before), anyone can publish contents, which is _safe_ to view, because it's basically text, graphics, sound, etc. Text, graphics or sound are not supposed to be able to bite you in any way. You don't need to trust a book's author to read it; you can drop it if you're not interested, but it can't harm you just by reading it. Now, browsers have been extended in many ways, including support for javascript, cookies, client pull, server push, java, vbscript, etc, allowing the server to have some control on the client, which is right and extremely useful, as long as the user has _ultimate control_. Turning enough untrusted things off, it should be possible to view any site safely, knowing that the worst that can happen is that you don't like or can't make sense of the contents, but without disrupting your experience in any way. If you need to trust a site to be safe viewing it with some browser, and that is part of the design of the browser as you seem to imply (as opposed to a bug, which can always be fixed, and can happen to any software), then I will NEVER even consider using that browser. -- Roger Espel Llima, espelat_private-clermont1.fr -o) http://www.eleves.ens.fr:8080/home/espel/index.html /\\ _\_v
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:41 PDT