System Security Concerns: WWW Client (cont.)


Things to watch for:

Beware of user "mailcap" files. An entry like this one hands downloaded content straight to a shell:

    application/x-csh; csh -f %s

Gigantic browsers ==> Potential security holes

    There may be exploitable "system()" calls to external applications
    Can we inspect the source code?


New portable-code languages address these security concerns:

    Java
    Python
    Safe-TCL


Note: firewalls may help, but they won't stop trojan horses!
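
The mailcap risk noted above, as an added example (not part of the original slides): a small auditor that parses mailcap text and reports entries whose handler command starts a command interpreter. The interpreter list and the sample file are assumptions constructed for illustration.

```python
import os
import re

# Programs that execute their input as code (assumed list for this example).
INTERPRETERS = {"sh", "csh", "tcsh", "ksh", "bash", "zsh", "perl", "python", "tclsh", "wish"}

def logical_lines(text):
    """Join backslash-continued lines; drop blanks and '#' comments."""
    buf = ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        line, buf = (buf + raw).strip(), ""
        if line and not line.startswith("#"):
            yield line

def parse_entry(line):
    """Return (mime_type, view_command); fields are split on unescaped ';'."""
    fields = re.split(r"(?<!\\);", line)
    if len(fields) < 2:
        return None
    command = re.sub(r"\\(.)", r"\1", fields[1]).strip()
    return fields[0].strip().lower(), command

def runs_interpreter(command):
    """True if any stage of the handler command line starts an interpreter."""
    for stage in re.split(r"[|;&]+", command):
        words = stage.split()
        if words and os.path.basename(words[0]) in INTERPRETERS:
            return True
    return False

def audit(text):
    """Return the (mime_type, command) entries that pass content to an interpreter."""
    entries = (parse_entry(line) for line in logical_lines(text))
    return [e for e in entries if e and runs_interpreter(e[1])]

# Constructed sample ~/.mailcap; the first entry is the one from the slide.
SAMPLE = """\
# viewers
application/x-csh; csh -f %s
image/gif; xv %s
application/x-shar; cat %s | /bin/sh
text/html; lynx -dump %s; copiousoutput
"""

if __name__ == "__main__":
    for mime_type, command in audit(SAMPLE):
        print(f"RISKY  {mime_type}: {command}")
```

Run it against each user's mailcap as well as the system-wide one, since a per-user file can add handlers the administrator never reviewed.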



For more information:
Sun's Java Language: The Security Story