Re: [SLUG] Cleaning house

From: Levi Bard (levi@bard.sytes.net)
Date: Thu Aug 21 2003 - 13:53:10 EDT


> However, no firewall, including OpenBSD, is the end to it all. Security is a
> multifaceted subject. There needs to be layers of defense. Just look at port
> 80. You open it so that you can browse. But your browser does not know much
> about what it brings back. It can contain code and often does.
What? Port 80 doesn't have to be open for you to browse! Unless you're
talking about it being open in the sense of allowing out internal requests to
port 80 on a remote server (which it doesn't sound like from the context).

> You like to be able to execute most of this code because it makes the web
> pages come alive with all sorts of Java, Perl, ASP and other types of
> scripts. But they can also contain destructive or open a backdoor type of
> instructions. Your firewall does not know the difference, nor does your
> browser. Certainly not your O/S. The point being you put a hole in the
> firewall to let web pages in, and now you could be hacked. You may never
> even find out.
Actually, the bulk of Perl and ASP code is executed server-side, like CGI
- thereby delegating all risk to the server. Java applets, which are at
least partially executed by the client, are a special case, and they are
not able to touch local files, open network connections (except back to
the originating server), or otherwise do anything destructive - your local
Java runtime environment knows the difference and enforces these rules.

Levi

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.


