Firewall Wizards mailing list archives
Re: signed applets a solution --maybe!
From: Bennett Todd <bet () rahul net>
Date: Wed, 17 Dec 1997 05:28:49 -0800
On Mon, Dec 15, 1997 at 07:01:34PM -0500, Hal wrote:
Here's my problem: A web page comes into my system and with it three objects: one is java [...] another VB [...] and the third is [...]
Indeed, if you're in a setting requiring any kind of serious security, that is your problem; chunks of java, VB, and so on shouldn't come in to your system; they should be stopped at the firewall.
[...] There is a growing body of users who suspect the merits of a firewall. They are web users and firewalls get in their way because it prevents their arbitrarily using any port at any time. An increasing number of web services ordinary and not so ordinary are feeding this trend.
Where people are web users --- e.g. at ISPs, at internet information service bureaus of various sorts, etc. --- the security policy is necessarily different; you don't try to secure the desktops at all, instead they lie in a ``sacrificial'' net, which would be the DMZ in a more conventional setting. Internal business data machines and anything else requiring serious protection will of course lie behind a strong (i.e. application-proxy) firewall with a very strict policy, but people who are web users (as opposed to traders, or systems administrators, or admin staff, or other sorts of jobs) should definitly have no barriers between their desktops and the internet. Out of curiousity, how many professional web users are there these days? I hadn't really thought about it, but I guess that's probably a very fast-growing field these days. We don't have any at my company today, but I imagine we will before much longer. -Bennett
Current thread:
- RE: signed applets a solution --maybe! Hal (Dec 15)
- Re: signed applets a solution --maybe! Bennett Todd (Dec 17)