iframe dilemma: a compromise?
Roland Ehle
novirus at CARLO65.DE
Wed Nov 6 10:11:42 GMT 2002
Hi David,
Am Mit, 2002-11-06 um 10.52 schrieb David Lee:
[..]
> > In version 4, you can allow IFrame tags from any given "trusted" address,
> > which solves the problem.
> But that doesn't really solve the problem, doses it? It merely replaces
> it with another: a never-ending problem of maintaining a list of such
> trusted addresses submitted by our 15K-20K users.
finally it is your decision, which one is the petty evil to you.
> Even if that were feasible (doubtful!), how would we (the service provider
> in the university) judge what really is to be "trusted"?
You can't! Never, that is my opinion.
I run a site with several domains and I decided not to allow IFrame
tags. My customers understand it and there were no problems so far.
Julian did a very good job with MailScanner 4.x and of course it is not
his task to solve anybodys organisational problems. I am sure, if you
convert HTML-mails containing IFrame tags to text-only, you are going to
have a whole bunch of user complaints on your desk.
Maybe, I did not understand you correctly, but it seems to me, that your
favourite decision should be "Allow IFrame tags = no", because you will
not find a 100 percent secure solution.
Regards,
Roland
Sorry for my poor english
More information about the MailScanner
mailing list