On Sun, Jun 17, 2001 at 02:17:14AM +0200, Oskar Sandberg wrote: > On Sat, Jun 16, 2001 at 07:57:58PM -0400, Tavin Cole wrote: > > On Sun, Jun 17, 2001 at 11:35:40AM +1200, David McNab wrote: > > > So, back to FProxy. > > > FProxy's 'paranoid' filtering is the only way to go. Block anything that > > > even remotely smells like an out-of-band hit. Give an inventory of all > > > potentially compromising content. I now appreciate the wisdom of this > > > approach. > > > > Fproxy should just support https instead of http. Browsers are pretty > > good about warning you when a page tries to load something from a > > different server or over a non-https protocol. > > Fproxy doesn't need to support https, people can just use an app like > stunnel to wrap the connection.
Well, that's what I do. But it's a matter of social engineering... we're trying to protect people who aren't very capable of running stunnel or anything like it. Plus, Ian's out to make everyone link to http://localhost:8081/ which is a big pain in the ass for me since I run my fproxy on https://localhost:8081/. So I'd rather he was riding people's ass to link to the latter instead.. which won't happen unless it's the standard behavior. -- # tavin cole # # "Technology is a way of organizing the universe so that # man doesn't have to experience it." # # - Max Frisch _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
