HTML multipart/report

James Croall jcroall@tis.com
Wed, 10 Jun 1998 14:03:22 -0400


At 12:42 PM 6/10/98 +0100, you wrote:
>Gauntlet blocks multipart data coming through the http proxy.  Anyone know
>of current problems with this type of data?
>
>It would seem that the only time I see it getting denied, it when someone
>on the inside is trying to upload a file to a remote site.  Does this type
>of data ever occur on inbound data?

Don't quote me on this, but I think that dates back to a problem with Netscape
Navigator. A while back the Netscape "file upload bug" got quite a bit of
press,
which allowed a malicious web site to steal files from user's workstations.
That
option allowed the firewall administrator to protect everybody with one
setting.

That bug shouldn't be a problem these days, but that option should still be
useful
where there are strict policies on exporting data.

- James

(standard disclaimer here)