I respectfully disagree with this statement in principle. I agree one should check their corporate IT security policy before programatically passing through. But to infer non-compliance ( at best ) or intentional misuse ( at worst ) based off the parent node is IMHO not logical.

I have used this very technique to do things like update my installed modules via PPM; to verify a web server is answering on the public internet from my corporate gateway as part of systems monitoring; etc. Such methods were not addressed in the corporate guidelines nor was I ever asked to investigate any such doings as a Security Administrator.

I anticipate that, as proxy access is performed via username and password, this user has requested and was granted such access. /s?he/ is then monitorable and auditable. Nothing in the original node leads me to anticipate ( even as a sceptical security admin ) that anything is amiss.

I believe one should make as certain as possible than the data they acquire in this fashion offers no threat to the corporate assets. But to my eyes the threat here is no better or worse than that the average l^Huser can accomplish via IE or Netscape interactively.

Anyway, I rant. YMMV :-)

UPDATE: corrected typos ...

HTH
--
idnopheq
Apply yourself to new problems without preparation, develop confidence in your ability to to meet situations as they arrise.

~ Shunryu Suzuki