Re: _DNS_ security problems

• To: ekr@terisa.com
• Subject: Re: _DNS_ security problems
• From: Rich Salz <rsalz@osf.org>
• Date: Fri, 1 Mar 1996 21:07:40 -0500
• Cc: www-security@ns2.rutgers.edu

>Saying java is responsible for fixing this problem, is like saying 
>sendmail is responsible for fixing the syslog problem.

No.

If Java decides to add DNS to its trusted computing base, then Java is
responsible for knowing the implications of doing so.  If java safety in
this area were based on IP addresses rather then an unsecured name/address
database, then there would be fewer concerns (modulo IP hijacking, etc.)

It all goes to reinforce the notion that security, even if watered-down under
the rubric safety, is generally not a game for amatuers.
	/r$

• Re: _DNS_ security problems
• From: Dan Stromberg <strombrg@hydra.acs.uci.edu>

• Previous: Portuguese government wants to free a Terrorist.
• Next: IIS - .CMD/.BAT Patch Provides Security Enhancements to IIS
• Index(es):
  • Index
  • Thread