
Java "security holes"



I am new to Java. I understand some folks are afraid of the ability to
have a d/l applet proceed to contact any host on the net. But applets
cannot access local files. The Java concept is the diskless workstation
which has Netscape or other Java browser in EEPROM (along with an O/S and 
network stack, which of course does not have to be TCP/IP as long as 
sockets are supported) and maybe an Object Request Broker in there as well
(a few meg of EEPROM all told!). 

Restricting outgoing connections (or incoming!) to the server you got the 
applet from is a heavy restriction of utility to the legitimate applets.
You prohibit two stations on the net from talking, you eliminate data 
sharing between peers. One cannot have a multiplayer game. One cannot 
contact a certificate server. One cannot access a database server that 
is different from the web server.

The most secure environment is disconnected from the outside world. 
That's the line you're headed down.

