RE: [fw-wiz] tunnel vs open a hole

From: Behm, Jeffrey L. (BehmJL@bvsg.com)
Date: 04/07/03

  • Next message: D Sanchez: "Re: Subject: [fw-wiz] tunnel vs open a hole"
    From: "Behm, Jeffrey L." <BehmJL@bvsg.com>
    To: firewall-wizards@honor.icsalabs.com
    Date: Mon, 7 Apr 2003 15:14:50 -0500
    

    Agreed!

    This is one reason why a client I work for has implemented outbound http
    proxying *with* authentication required. While certainly not perfect,
    this helps keep most things that require port 80 outbound to a minimum.

    The biggest problem we have seen is that app developers don't understand
    how to handle a response from the proxy server that says "Hey, you tried
    to open a new connection but did not provide any credentials, so please
    authenticate." Rather, they just blindly assume it's gonna work and
    apparently don't perform any programming 101 error checking, and just
    let the app die a horrible (but deserving :-)) death.

    <pet peeve>
    When will programmers begin (again) to do basic error checking?
    </pet peeve>

    Marcus J. Ranum spewed:
    > We made a big mistake when we started building firewalls that
    > allowed outgoing connections that were not individually
    > authenticated and associated with a human user's request.
    >
    > mjr.
    > ---
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
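
Added example, not part of the original message or of any code from the poster or his client: a minimal Python client routine that treats the proxy's "please authenticate" reply (HTTP 407 with a Proxy-Authenticate header) as an expected case, retries once with Proxy-Authorization, and otherwise fails with a clear error. The `send` transport, `fake_proxy`, the `alice:s3cret` credentials and the sample request are constructed assumptions for illustration.

```python
import base64

class ProxyAuthError(Exception):
    """The proxy refused the request; the message says what to fix."""

def parse_head(raw):
    """Return (status, {lower-cased header: [values]}) from a raw response."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ProxyAuthError(f"malformed status line from proxy: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers

def fetch_via_proxy(send, request, user=None, password=None):
    """send(bytes) -> bytes is the caller's transport. Returns the final status."""
    status, headers = parse_head(send(request))
    if status != 407:                      # no challenge: nothing to do
        return status
    # Simplification: one challenge per Proxy-Authenticate header line.
    schemes = [v.split()[0].lower() for v in headers.get("proxy-authenticate", []) if v]
    if "basic" not in schemes:
        raise ProxyAuthError(f"proxy offers {schemes}; only Basic is handled here")
    if user is None or password is None:
        raise ProxyAuthError("proxy requires authentication; no credentials configured")
    token = base64.b64encode(f"{user}:{password}".encode())
    head, sep, body = request.partition(b"\r\n\r\n")
    retry = head + b"\r\nProxy-Authorization: Basic " + token + sep + body
    status, _ = parse_head(send(retry))
    if status == 407:                      # challenged again: bad credentials
        raise ProxyAuthError("proxy rejected the supplied credentials")
    return status

def fake_proxy(request):
    """Constructed stand-in for an authenticating proxy; accepts alice:s3cret."""
    if b"Proxy-Authorization: Basic " + base64.b64encode(b"alice:s3cret") in request:
        return b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
    return (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
            b'Proxy-Authenticate: Basic realm="outbound"\r\n\r\n')

REQUEST = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n"  # constructed
```

Basic credentials are only base64-encoded, so they are readable on the wire unless the client-to-proxy connection is itself protected.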

