On 11.06.2010 15:24, Adrien de Croy wrote:
>
> I raised this problem a while back.
>
> All the browsers except Opera (limited case) make no complaint when a
> download is truncated. This is whether it's chunked and doesn't receive
> a final 0 chunk, or whether there's a content length and the connection
> is closed (whether or not the server indicated it would close) prior to
> that many bytes being transferred.
>
> I personally view this as highly problematic, and it's tied in with the
> work I've been doing recently with scanning at a proxy.
>
> The reason it's problematic is because every single proxy I've tested
> (TMG/ISA, WinRoute, WinGate, Webmarshall - admittedly there are many
> more) does something called either "drip-feeding" or "trickling". If
> you're downloading a file through one of these proxies, they will send
> you a portion of the resource as it's coming down to the proxy. When the
> proxy has received the whole file, it scans it and sends the rest if
> it's ok, but if it's not ok, it has 1 option only - abort the connection.
>
> Since the browsers ignore the connection having been aborted, and
> present the downloaded file as if nothing was wrong, then any malware
> purveyor need only pad their malware out, so that the executable part
> will fall within the drip-feeding window. It basically renders AV at
> gateway potentially useless.
>
> If OTOH the browsers were to act on the fact that the download was
> aborted, this wouldn't be nearly as big a security risk.
>
> Regards
>
> Adrien

+1 to all of this (the problem also applies to cases where the server breaks while sending the content).

Do we have a test case for this? For the browsers that get this wrong, are there bug reports?

Best regards, Julian

Received on Friday, 11 June 2010 13:33:36 GMT
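Added example, not part of the thread or of any browser's code: a small client-side check that classifies a received HTTP/1.1 response as complete, truncated, or unverifiable, covering the two framing cases Adrien describes (a Content-Length that was never reached, and a chunked body that never got its terminating 0 chunk). It also makes the third case explicit: with neither Content-Length nor chunked framing, a connection close is indistinguishable from an abort, so the client can only report "unknown" rather than "whole". Function names and the raw responses are constructed for the example.

```python
# Added example (not from the original thread): flag a truncated HTTP/1.1
# download instead of silently accepting it.  All sample responses below
# are constructed, not captured from any real server or proxy.


def parse_response(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 response into status line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header block not terminated")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return {"status": lines[0].decode("latin-1"), "headers": headers, "body": body}


def decode_chunked(body: bytes):
    """Walk a chunked body.  Returns (complete, decoded), where complete is
    True only when a zero-size chunk terminated the stream."""
    decoded = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            return False, bytes(decoded)            # chunk-size line cut off
        size_field = body[pos:eol].split(b";", 1)[0].strip()  # drop chunk extensions
        size = int(size_field.decode("ascii"), 16)  # ValueError on garbage
        pos = eol + 2
        if size == 0:
            return True, bytes(decoded)             # last-chunk seen; trailers ignored
        chunk = body[pos:pos + size]
        if len(chunk) < size:
            return False, bytes(decoded + chunk)    # connection dropped mid-chunk
        decoded += chunk
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            return False, bytes(decoded)            # CRLF after chunk data missing
        pos += 2


def check_download(raw: bytes) -> dict:
    """Classify a received response: complete (True), truncated (False),
    or unverifiable (None) when the body is only delimited by close."""
    resp = parse_response(raw)
    hdr, body = resp["headers"], resp["body"]
    if "chunked" in hdr.get("transfer-encoding", "").lower():
        complete, data = decode_chunked(body)
        return {"framing": "chunked", "complete": complete, "data": data,
                "received": len(data), "expected": None}
    if "content-length" in hdr:
        expected = int(hdr["content-length"])
        data = body[:expected]                      # anything beyond belongs to the next message
        return {"framing": "content-length", "complete": len(data) == expected,
                "data": data, "received": len(data), "expected": expected}
    # Neither framing: the message ends when the connection closes, so an
    # abort looks exactly like a normal end of message.  Report "unknown"
    # rather than claiming the file is whole.
    return {"framing": "close-delimited", "complete": None, "data": body,
            "received": len(body), "expected": None}


# Constructed sample responses (not real captures).
OK_LENGTH = b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nHello World!"
SHORT_LENGTH = b"HTTP/1.1 200 OK\r\nContent-Length: 1000\r\n\r\nHello World!"
OK_CHUNKED = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
              b"5\r\nHello\r\n7\r\n World!\r\n0\r\n\r\n")
CUT_CHUNKED = (b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
               b"5\r\nHello\r\n7\r\n Wor")
CLOSE_DELIMITED = b"HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n\r\nHello"

if __name__ == "__main__":
    samples = [("OK_LENGTH", OK_LENGTH), ("SHORT_LENGTH", SHORT_LENGTH),
               ("OK_CHUNKED", OK_CHUNKED), ("CUT_CHUNKED", CUT_CHUNKED),
               ("CLOSE_DELIMITED", CLOSE_DELIMITED)]
    verdicts = {True: "complete", False: "TRUNCATED", None: "unverifiable"}
    for name, raw in samples:
        r = check_download(raw)
        print(f"{name:16s} {r['framing']:16s} {verdicts[r['complete']]:13s} "
              f"received={r['received']} expected={r['expected']}")
```

A client that treats `complete is False` as a failed download (discard the partial file, surface an error) closes the gap the thread describes: a proxy that aborts the connection after scanning then produces a visible failure rather than a file that is silently presented as whole. The close-delimited case is the caveat: a server or proxy that sends neither Content-Length nor chunked framing leaves the client no way to tell, which is one reason to prefer explicit framing on the server side.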