The World Wide Web Security FAQ
- Version 1.3.0
- New section on ActiveX
- New section on HTTP cookies
- Brought sections on electronic commerce up to date.
- Added section on log security hole in Macintosh WebSTAR
- URL and spelling fixes.
- Version 1.2.4
- The Java section has been enlarged in light of new
- Multiple links updated.
- Reports of problems with
util.c library in
Apache and NCSA httpd have been added to the servers bug
- Bibliography expanded.
- List of mirror sites is rapidly growing.
- Version 1.2.3
this section has been largely rewritten.
- Mirror sites are now listed.
- Added The Risks Digest to the bibliography.
- Version 1.2.2
- Split the FAQ into bite-sized pieces so that people across the
Atlantic can fetch it.
Client-Side Security section (this caused a renumbering of questions
fixed in Netscape 2.01.
- Updated section on Microsoft IIS server to reflect the fact that the .BAT file
hole is closed.
- Added results of WebStar challenge to section on Macintosh servers.
- Version 1.2.1
- Properly credited Jennifer Myers as the discover of the
- Version 1.2.0
- Increased coverage of the extremely serious holes
or if anyone in your organization is, read
- Added the Microsoft IIS server
to the list of Windows NT servers
afflicted by the .BAT CGI script hole.
- Coverage of the security hole recently found in the
util.c CGI library distributed by NCSA httpd
and incorporated into many C-language CGI scripts.
- Version 1.1.9
one confused by the similarity in names?
- Version 1.1.8
- Version 1.1.7
- The O'Reilly WebSite server has the same hole in .BAT CGI scripts
as the Netscape server, so the specific problems section has been
updated to reflect this fact.
- Updated the SSL section to reflect the SSL patches for the
- Version 1.1.6
- Created a new section on security holes in specific problems
and populated it with two recent reports on Netscape Communication
Server for Windows NT. This section will grow longer;
the emphasis on Netscape is a startup artefact.
- Version 1.1.5
- Fix to the perl code for sending mail safely. Thanks to]
William DenBesten for finding this one.
- Version 1.1.4
- Fixed a typo in the example of password protecting a page.
- Version 1.1.3
- Fixed a bug in the Perl regular expression for parsing
internet e-mail addresses (caught by Enzo Michelangelo).
- Fixed address of Trusted Information Systems FTP
- Version 1.1.2
- Added discussion of IP address restriction suggested by
- Version 1.1.1
- Added the European mirror site at www.Austria.EU.net
- Version 1.1
Lincoln D. Stein, firstname.lastname@example.org
Whitehead Institute/MIT Center for Genome Research
Last modified: Fri Nov 8 02:31:48 EST 1996