Re: Java "security holes'

• To: ekr@terisa.com, dhudes@panix.com, mrm@doppio.Eng.Sun.COM
• Subject: Re: Java "security holes'
• From: John Lowry <jlowry@bbn.com>
• Date: Mon, 11 Mar 1996 17:21:39 -0500
• Cc: www-security@ns2.rutgers.edu

Is is possible to have a "Java Properties" table in the application
that specifies the kind of behaviors allowed to an applet ?  Such a
property table must be under control of the user.

I could imagine two dimensions initially, properties applied on
a source basis, and properties applied transitively, e.g. from
one applet to another perhaps based on the "least permissive" set
of properties...  Almost sounds like inheritance  ;-)

Hmmm.... interesting topic.  I'll think some more.

John


> From owner-www-security@ns2.rutgers.edu Mon Mar 11 17:10 EST 1996
> Date: Mon, 11 Mar 1996 08:58:08 -0800
> From: mrm@doppio.Eng.Sun.COM (Marianne Mueller)
> To: ekr@terisa.com, dhudes@panix.com
> Subject: Re: Java "security holes'
> Cc: www-security@ns2.rutgers.edu
> 
> We're working on adding a signed class loader to the system, to allow
> for the scenario where some authenticated class can be allowed more
> functionality.
> 
> The hard part is the policy, that is, once you have an applet that you
> *know* comes from Walmart, so what?  Does that mean you allow that
> applet to make connections to other Walmart applets, or does that mean
> you allow that applet to access the Walmart shopping cart which is
> implemented as a file on the client file system?
> 
> (I just made up those two examples so please don't take them as some
> sort of statement about how we want to do things ...)
> 
> Marianne
> JavaSoft
> mrm@eng.sun.com
> 
> 

• Re: Java "security holes'
• From: Adam Shostack <adam@bwh.harvard.edu>

• Previous: Enterprise Security
• Next: Re: Java "security holes'
• Index(es):
  • Index
  • Thread