BC:
> "Forbid" was a poor choice of word. We need a method of using client-side
> code that does not compromise the anonymity or security of the user.
What do you suggest?
___
Freenet-dev mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net
> > > And of course browsers *could* implement this
> functionality themselves.
> >
> > It seems risky to make the assumption that all browser code
> should be
> > trusted esp. given that we have no ability to audit the
> code. A piece of
> > firewalling code would seem more appropiate under
As an aside, can the installer folks have a web-shortcut placed on the
windows desktop that will launch their browser pointing at FProxy. This
will help with journalists and newbies who fail to read documentation.
On Mon, 1 Jan 2001 [EMAIL PROTECTED] wrote:
> On Sun, Dec 31, 2000 at 01:10:25PM
On Mon, Jan 01, 2001 at 08:33:05PM -0800, Dale Babiy wrote:
> > I agree in the short run, but in the long run, I think browsers should
> > evolve to support freenet: the same way they have evolved to support
> > things like HTTP, FTP, proxies, gopher, wais, HTML, etc.
>
> *grins* well here I run
On Mon, Jan 01, 2001 at 10:21:00PM -0500, [EMAIL PROTECTED] wrote:
> On Sun, Dec 31, 2000 at 01:10:25PM -0800, Dale Babiy wrote:
> > On Sat, Dec 30, 2000 at 08:53:25PM -0500, news wrote:
> > > And of course browsers *could* implement this functionality themselves.
> >
> > It seems risky to make t
On Sun, Dec 31, 2000 at 01:10:25PM -0800, Dale Babiy wrote:
> On Sat, Dec 30, 2000 at 08:53:25PM -0500, news wrote:
> >
> > And of course browsers *could* implement this functionality themselves.
>
> It seems risky to make the assumption that all browser code should be
> trusted esp. given that
On Sat, Dec 30, 2000 at 08:53:25PM -0500, news wrote:
>
> And of course browsers *could* implement this functionality themselves.
It seems risky to make the assumption that all browser code should be
trusted esp. given that we have no ability to audit the code. A piece of
firewalling code would
On Sat, Dec 30, 2000 at 08:21:29PM -0500, Benjamin Coates wrote:
> >Is the only possible anonymity threat something that causes the browser to
> >make a request over a non-freenet protocol like http? I mean, can we say
> >JavaScript is OK so long as it doesn't trick the browser into making
> >a n
>From [EMAIL PROTECTED]
>Is the only possible anonymity threat something that causes the browser to
>make a request over a non-freenet protocol like http? I mean, can we say
>JavaScript is OK so long as it doesn't trick the browser into making
>a non-freenet request?
>
>If so, you can easily pro
On Fri, Dec 29, 2000 at 09:03:45PM -0500, Benjamin Coates wrote:
> >From Brandon <[EMAIL PROTECTED]>
> >BC:
> >> I just want to mention that I don't think it's realistic to just forbid
> >> client-side code in Freenet; Far too many applications will need it,
> >> especially since the server-side
There's an extra carriage return in the mime type of that page. That's an
error that happened during the insert... As a temporary fix, I added a
"trim()" call on the mime type. Should try to find how the CR got in there
in the first place.
Now that page fails due to the right reason (external
>From Brandon <[EMAIL PROTECTED]>
>BC:
>> I just want to mention that I don't think it's realistic to just forbid
>> client-side code in Freenet; Far too many applications will need it,
>> especially since the server-side code that makes many web things possible
>> isn't available on Freenet, and
> "BC" == Benjamin Coates <[EMAIL PROTECTED]> writes:
BC> I just want to mention that I don't think it's realistic to
BC> just forbid client-side code in Freenet; Far too many
BC> applications will need it, especially since the server-side
BC> code that makes many web things p
BC:
> I just want to mention that I don't think it's realistic to just forbid
> client-side code in Freenet; Far too many applications will need it,
> especially since the server-side code that makes many web things possible
> isn't available on Freenet, and we can't realistically add every c
>From Ian Clarke <[EMAIL PROTECTED]>
>
>Also, once date-based updates are implemented properly in FProxy, there
>should be no good excuse for Javascript in-future.
>
>Ian.
I just want to mention that I don't think it's realistic to just forbid
client-side code in Freenet; Far too many applicati
On Thu, Dec 28, 2000 at 02:33:53AM -0800, Dev Random wrote:
> Okay, although I will prune mime types that are potential holes
> (e.g. Flash can go to arbitrary URLs).
Er, I am getting:
Warning: Unknown mime type text/html on
SSK@u1AntQcZ81Y4c2tJKd1M87cZvPoQAgE/pigdog+journal/2000-12-25/index.htm
On Thursday 28 December 2000 05:33, Dev Random wrote:
> As to image/jpeg, it is already in the list, so I don't understand how you
> are getting this. See SimpleFilter.java, specifically passthroughTypes.
> It works for me... can you dig deeper?
It works for me too. See below.
>
> On Wed, Dec
Okay, although I will prune mime types that are potential holes
(e.g. Flash can go to arbitrary URLs).
As to image/jpeg, it is already in the list, so I don't understand how you
are getting this. See SimpleFilter.java, specifically passthroughTypes.
It works for me... can you dig deeper?
On We
Okay, I added a config parameter "passthroughMimeTypes" to .fproxyrc . Also
added a sample fproxyrc and modified install.sh to copy it over.
You can add "text/html" to the passthroughs if you want to disable the
mechanism.
On Wed, Dec 27, 2000 at 01:28:46PM -0600, Brandon wrote:
>
> > It does
On Wed, 27 Dec 2000, Brandon wrote:
> > It does the following:
> >
> > - Detects links outside of Freenet and links with embedded question mark
> > - Detects JavaScript
> > - Detects embedded objects/code
> >
> > if any of the above are detected, a warning page is displayed. The user
> > can g
> It does the following:
>
> - Detects links outside of Freenet and links with embedded question mark
> - Detects JavaScript
> - Detects embedded objects/code
>
> if any of the above are detected, a warning page is displayed. The user
> can go ahead and retrieve the page anyways.
How do you t
On Wed, 27 Dec 2000, Dev Random wrote:
> It does the following:
>
> - Detects links outside of Freenet and links with embedded question mark
> - Detects JavaScript
> - Detects embedded objects/code
>
> if any of the above are detected, a warning page is displayed. The user
> can go ahead and r
It does the following:
- Detects links outside of Freenet and links with embedded question mark
- Detects JavaScript
- Detects embedded objects/code
if any of the above are detected, a warning page is displayed. The user
can go ahead and retrieve the page anyways.
Of course, all pages with Jav
23 matches
Mail list logo
