Tunnelling one protocol within another always opens up the possibility
that the inner protocol may be invalid and cause unpredictable behaviors
in the downstream application.  One of the points that Cheswick and
Bellovin (sp?) made is not to tunnel, and to provide protocol validation
at the firewall.

For outbound connections, the problem may not be serious.  For inbound
connections, you will want to validate as much of the data/protocol as is
possible.

ted keller


On Thu, 17 Jun 1999, Andy wrote:

> > Is it:  Does everyone else think this is really evil to send
> > code across HTTP?
> > 
> > Or is it: Hey, this is cool... we don't have to request firewall
> > changes to allow our stuff onto other people's networks!
> 
> My interest in the subject was prompted by the fact that I too will have
> the need to get client-server data through a firewall, and I was
> wondering about the wisdom of doing so via HTTP, or email attachments
> for that matter, and what kind of reaction I would get from my client's
> admins. So I'd love to be able to say "that's cool". But I am not a
> network admin, and that is why I posted my question here, to get
> reactions from some.
> 
> -Andy
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> 
