[prev in list] [next in list] [prev in thread] [next in thread]
List: gauntlet-user
Subject: Active content passing "deny-feature"
From: Ejnar Zacho Rath <ezr () md-oss ! dk>
Date: 1999-01-21 15:41:03
[Download RAW message or body]
One of my users has showed me that he can get www pages with active
content through our Gauntlet though we are using a
deny-feature script java activex
statement in our netperm-table.
It looks as if the trick is to have the active content in pages with
names ending in something else than .htm, .html, or ? You can see an
example on http://home12.inet.tele.dk/dko/index.htm.txt (in danish,
sorry).
The user claims that this "feature" only works on MSIE 4.x and Netscape
ver. (4 ?)
Any suggestions to block this hole ?
The Gauntlet is 4.1 on Solaris 2.5.1.
Best regards,
--
Ejnar Zacho Rath, | Out of the midst of the gloom came a
Maersk Data AS, Postbox 176,| voice: Smile, for things could be worse.
DK-5100 Odense C, Denmark | So I smiled and lo, behold,
e-mail: ezr@md-oss.dk | things did get worse.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic