- From: Roy T. Fielding <fielding@ebuilt.com>
- Date: Thu, 9 Aug 2001 11:48:36 -0700
- To: Keith Moore <moore@cs.utk.edu>
- Cc: Jacob Palme <jptest@dsv.su.se>, discuss@apps.ietf.org, Kristine Andersen <kristineandersen@hotmail.com>, Christer Backman <asphalt_world@hotmail.com>, Fredrik Björck <bjorck@dsv.su.se>, Mats Wiklund <matsw@dsv.su.se>, Sead Muftic <sead@dsv.su.se>
On Thu, Aug 09, 2001 at 01:39:00PM -0400, Keith Moore wrote: > in a nutshell, my view is that if people are using a web browser > on the client end to view the content, then it's reasonable to use > port 80 on the server end. > > otherwise, it's probably not reasonable to use port 80. Right. Port 80 is reserved for the Web, not HTTP. The notion that a firewall is any more or less secure because of people promoting pseudo-standards that tunnel over HTTP is missing a bit of common sense. Someone trying to break through a firewall isn't going to obey IANA port reservations, let alone protocol standards. Security will depend on how the firewall has been configured and will require some level of content filtering on any ports that it exposes to the outside world. HTTP makes that a bit easier than most protocols, but only when it is used appropriately. People installing software on the firewall that allows inappropriate use of HTTP to pass through will be reducing the security of that firewall. ....Roy
Received on Thursday, 9 August 2001 14:50:58 UTC