On Thu, 23 Sep 1999, Sacha Labourey wrote:
> French in my case (and eight years trying to learn German). I see you know
> our language melting pot! You just forgot the last one : Rumantsch. But as
> only 40'000 (and my girlfriend) people speak it, you are excused ;)
There's some truth to the 'you learn something new every day.' :)
> > > I very well understand your point. But what if you wanted to develop a new
> ..
> > users, not to traditional proxy-based firewalls.
>
> OK. So, to see if I well understand, when developing new applications, we'd
> better use existing protocols (like HTTP) than develop a new one. This is
> "easier" to administrate but doesn't assure it is more secure. For example,
> if my CORBA application is not widely accepted because it needs ports xxx,
> making it use HTTP as its communication protocol won't be a problem anymore
> for users (they by-pass their firewall-admin authority!) but will be a new
> one for their admin : whichever protocol you use, the problem is in the
> application (trojan horse).
>
> So the solution is :
> - don't develop an application anymore?
> - use an already known (and de facto trusted) protocol and, consequently,
> bypass your FW-admin authority?
> - develop a new application, a new protocol and a new proxy?
> - ...
Those are basically the choices.
The first one is the "Use a Web server" choice.
The second is indeed bad, but seems to be the most popular.
The third is the right way, but won't be widely accepted.
There's the fourth choice of developing for the home market and ignoring
firewall users, or only supporting packet screens and/or SOCKS.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280