-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Igbar,
On 09 August 2001 at 09:42:30 -0700 (which was 17:42 where I live)
Igbar Foosenhopper wrote to Dave Gorman and made these points:
IF> Could you explain to me how HTML is a security risk. Please give
IF> me the HTML commands which pos the risk.
Here's a couple for you:
<img src=....>
<script language=....>
The acquisition of an external image is a huge security risk, opening
a direct channel between your PC and the host. It's okay when you're
browsing, but when you're reading mail? No thanks! Email reading is an
off-line activity. Browsing is an online one. <rant> HTML mail is an
unacceptable cross-over of the two separate domains and is an
abomination which should be resisted in any greater form than a simple
"enriching" mode. Even that is a waste of bandwidth. </rant>
As for <script ...>, well - did you say hello to "Mellisa" and "I Love
You", on the way in? Couple that kind of breach with the power of the
I-SirCam or some such worm and you're in deep trouble.
Having said that, it is clear that the 1.54 beta series is heading for
a more comprehensive HTML support and may well introduce some simple
HTML mail authoring capabilities <sigh>.
- --
Cheers -- .\\arck D. Pearlstone -- List moderator and fellow end user
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
\ BrainStorm - free thinking - www: http://www.brainstormsw.com /
\ PGP Key ID: 0x929DCDA0 | www: http://www.silverstones.com /
TB! v1.54 Beta/5-14F4B4B2 on Windows NT 5.0.2195 Service Pack 2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (MingW32)
Comment: GPG Sealed for freshness
iD8DBQE7csOPOeQkq5KdzaARAvDgAJ9rcGFo5Byr7I/KkIEA8pz48txGCACeNsT5
oa+07vDWufLJPhs2KQ2MasY=
=Tmcb
-----END PGP SIGNATURE-----
--
______________________________________________________
Archives : <http://tbudl.thebat.dutaint.com>
Moderators : <mailto:[EMAIL PROTECTED]>
TBTech List: <mailto:[EMAIL PROTECTED]>
Unsubscribe: <mailto:[EMAIL PROTECTED]>
You are subscribed as : archive@jab.org