On Sun, Jun 17, 2001 at 11:35:40AM +1200, David McNab wrote: > So, back to FProxy. > FProxy's 'paranoid' filtering is the only way to go. Block anything that > even remotely smells like an out-of-band hit. Give an inventory of all > potentially compromising content. I now appreciate the wisdom of this > approach.
This is only true because FProxy is feeding the response to an application which can be easily persuaded to connect to arbitrary hosts on the Internet, namely a web-browser. Another alternative is to implement a custom HTML render which does not have this shortcomming. I believe that this is the approach taken by Snarfzilla. The ultimate solution would be not to use ordinary web-browsers at all, however the FProxy approach, pragamtically, is probably better - even though the anonymity filter is a nasty kludge. > Hmm, I'm tempted to attempt a port of FProxy to platform-independent C++. > Have the cake and eat it too :) I believe that someone is working on a new FProxy implementation for 0.4. This is where I suggest people concerned by this focus their efforts. How is your java? ;-) Ian. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20010616/734371b5/attachment.pgp>
