iframe dilemma: a compromise?

Roland Ehle novirus at CARLO65.DE
Wed Nov 6 10:11:42 GMT 2002


Hi David,

Am Mit, 2002-11-06 um 10.52 schrieb David Lee:
[..]
> > In version 4, you can allow IFrame tags from any given "trusted" address,
> > which solves the problem.
> But that doesn't really solve the problem, doses it?  It merely replaces
> it with another: a never-ending problem of maintaining a list of such
> trusted addresses submitted by our 15K-20K users.

finally it is your decision, which one is the petty evil to you.

> Even if that were feasible (doubtful!), how would we (the service provider
> in the university) judge what really is to be "trusted"?

You can't! Never, that is my opinion.

I run a site with several domains and I decided not to allow IFrame
tags. My customers understand it and there were no problems so far.

Julian did a very good job with MailScanner 4.x and of course it is not
his task to solve anybodys organisational problems. I am sure, if you
convert HTML-mails containing IFrame tags to text-only, you are going to
have a whole bunch of user complaints on your desk.

Maybe, I did not understand you correctly, but it seems to me, that your
favourite decision should be "Allow IFrame tags = no", because you will
not find a 100 percent secure solution.

Regards,
Roland

Sorry for my poor english



More information about the MailScanner mailing list