> From: Paul D. Robertson wrote
>
> > The problem with the renaming approach is that the user can set
> up a proxy
> > that replaces any
> > unknown tag by say <script> or </script> (alternatively and depending on
> > context...).
>
> Those same users could set up http tunnel to an IRC bot. If you're
> playing at that, you've got bigger problems.
what we are comparing is two approaches:
- strip the tagged content
- rename the tags.
I was simply saying that the first approach is better. If you know
of anyone who can find a content that has been stripped, then give him
your badge and go fishing.
moreover, from a "legal" viewpoint, I can "punish" users if I ever
find they use tunnel through http, and that can be found by inspecting
what flows over the network (I know it's bad, but that's possible)
but can do nothing (and probably will
never know) if they are simply converting ascii chars.
regards,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
