Mike Mueller wrote: > > .... It seems that the safest form of information push is > unformatted text.
Wouldn't it be sufficient to limit the formats to those that don't have the expressive power to command the receiver to do arbitrary things? For example, HTML can't hijack a browser (or HTML-capable e-mail reader) with scripting turned off, can it (ignoring buffer-overflow bugs)? Similarly, executable formats like Java, which has a comprehensive security model, would be better if you ever really did need to deliver executable code. (No, I didn't say Java implementations are perfect, but there are a lot more layers of security to break through.) Daniel -- Daniel Barclay [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
