Re: Java "security holes'

• To: www-security@ns2.rutgers.edu
• Subject: Re: Java "security holes'
• From: Rich Salz <rsalz@osf.org>
• Date: Sun, 10 Mar 1996 01:32:53 -0500

>restriction of utility to the legitimate applets.

The problem is that one can do things with the language, and its
implementation(s), that make it all too easy and all too tempting to write
illegitimate applets.  In the absence of an algorithm for distinguishing
between the two, one must, in the name of safety, close many doors you
might otherwise wish open.

Suppose you download my game and my game knows about the on-line checkbook
that some future Intuit-like applet will create and maintain for you.
Are you certain that the language (and its implementations) will prohibit
my game from creating an empty checkbook with a slightly looser ACL, so
that when you finally do get Java/Checkfree, the next time you play my
game I could write myself an on-line check?
	/r$

• Previous: Java "security holes'
• Next: Re: Java "security holes'
• Index(es):
  • Index
  • Thread