[Previous] [Next] [Index]
[Thread]
Re: Java and trojans: any last words before Netscape 2.0 is out?
On Tue, 19 Sep 1995, Prentiss Riddle wrote:
> Netscape Communications Corp. has announced the impending release of a
> beta version of Netscape 2.0 to include Java support.
>
> Is there anything to add to this assessment? Are we walking knowingly
> into a significant decrease in the security of the average Internet
> site? Should security-minded sysadmins ban Java and Netscape 2.0 from
> their systems?
>
If people have more to loose than gain and are worried about this
release - then let them set their firewall HTTP proxy to block all
requests to URLs of the form http://..../*.class.
Note - I don't know wether Netscape introduced a new extension for
their Java-like scripts - but if they did it might be worth
considering restricting responses with a MIME content of
"application/octet-stream".
Hopefully - they can then work out their own policies in their own
good time.
> [Note the wide crossposting. I would like to see an open discussion
> between between the Java and security communities on this issue. If
> you agree that's a good idea, please direct followups via mail to:
I think it might be a tad late for a last ditched discussion on
the topic. I can't see Netscape/Lawyers/Sun changing their minds :-)
Adam
--
+1-203-730-5437 | http://www.micrognosis.com/~ajack/index.htm
References: