HTML multipart/report

Olivier CALEFF
Fri, 12 Jun 1998 09:13:33 +0200

At 14:03 10/06/98 -0400, James Croall wrote:

>At 12:42 PM 6/10/98 +0100, you wrote:

>>Gauntlet blocks multipart data coming through the http proxy.  Anyone

>>of current problems with this type of data?


>Don't quote me on this, but I think that dates back to a problem with

>Navigator. A while back the Netscape "file upload bug" got quite a bit


>which allowed a malicious web site to steal files from user's


>option allowed the firewall administrator to protect everybody with 


You are right, it dates back to June 1997, http-gw patch level 17 at that
time. At that time, the README said :


Adds support for "deny-feature multipart-form" to block
multipart/form-data. Supports blocking of file upload due to Netscape




|                  Olivier CALEFF, Chief Technical Officer               |

| APOGEE Communications, Parc Club Orsay Universite, 91893 Orsay, FRANCE |

|          |

| phone: +33.1.69852728 == fax: +33.1.69855763 == mobile: +33.6.08741864 |


|Network/Systems Management| Security|Consultancy |Call Centers| Training|