On Sun, Jun 17, 2001 at 11:35:40AM +1200, David McNab wrote:
> So, back to FProxy.
> FProxy's 'paranoid' filtering is the only way to go. Block anything that
> even remotely smells like an out-of-band hit. Give an inventory of all
> potentially compromising content. I now appreciate the wisdom of this
> approach.
This is only true because FProxy is feeding the response to an
application which can be easily persuaded to connect to arbitrary hosts
on the Internet, namely a web-browser. Another alternative is to
implement a custom HTML renderer which does not have this shortcoming. I
believe that this is the approach taken by Snarfzilla. The ultimate
solution would be not to use ordinary web-browsers at all; however, the
FProxy approach, pragmatically, is probably better - even though the
anonymity filter is a nasty kludge.
> Hmm, I'm tempted to attempt a port of FProxy to platform-independent C++.
> Have the cake and eat it too :)
I believe that someone is working on a new FProxy implementation for
0.4. This is where I suggest people concerned by this focus their
efforts. How is your Java? ;-)
Ian.
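The 'paranoid' filtering and inventory discussed in this message can be illustrated with a short added example; it is not FProxy's code and not part of the original e-mail. The attribute and tag lists are assumptions picked for the illustration, and the sample page and the host tracker.example are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed, non-exhaustive lists chosen for this example.
URL_ATTRS = {"href", "src", "background", "action", "data", "codebase", "cite"}
ACTIVE_TAGS = {"script", "style", "object", "embed", "applet", "iframe", "frame", "meta", "base"}

def leaves_proxy(url):
    """True if fetching `url` would bypass the local proxy (it names a scheme or host)."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return True  # unparseable: the paranoid answer is "unsafe"
    return bool(parts.scheme or parts.netloc)

class ParanoidInventory(HTMLParser):
    """Collects (line, tag, reason) for every construct that could cause an out-of-band hit."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, tag, "active tag"))
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                self.findings.append((line, tag, "event handler " + name))
            elif name == "style" and "url(" in value.lower():
                self.findings.append((line, tag, "style attribute with url()"))
            elif name in URL_ATTRS and leaves_proxy(value):
                self.findings.append((line, tag, name + " -> " + value))

def inventory(html):
    parser = ParanoidInventory()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; tracker.example is a placeholder host.
SAMPLE = """<html><body background="http://tracker.example/bg.gif">
<a href="/KSK@constructed/page.html">in-network link</a>
<img src="//tracker.example/pixel.gif" onerror="x()">
<p style="background:url(http://tracker.example/p.gif)">text</p>
<script>var a = 1;</script>
</body></html>"""

if __name__ == "__main__":
    for finding in inventory(SAMPLE):
        print(finding)
```

A filter built on this would refuse or rewrite the page whenever the inventory is non-empty, rather than trying to enumerate only known-bad patterns.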