[Previous] [Next] [Index]
[Thread]
Re: Java/Netscape security holes: hole du jour and summary
I think the confusion maybe between the first and subsequent Atlas beta.
They DID leave it in the ``Security'' preferences in the FIRST Atlas beta
on HP-UX version (as they did your versions of Unix), but somewhere along
the way, the toggles to disable/enable Java and JavaScript somehow migrated
into the ``Network'' preferences under ``languages.'' For example, in my
first Atlas beta for HP-UX operating system, they hadn't moved
Java/JavaScript yet, NOW I understand your initial response.
Their redesign surprised me, when downloading the LATEST Atlas beta, and I
wondered what ELSE they changed. Well here's WHAT ELSE: When applying for
a credit card using a secure server at http://www.bofa.com, I was not
allowed into the area where it allowed me to complete my application (a
secured area). It gave me the error that the socket was already in use! I
have NEVER had that problem before when logging onto a secured server!
HERE IS HOW I FIXED THE PROBLEM:
Under ``Network'' preferences, I had to toggle the switch
``Allow Persistent Caching of Pages Retrieved Through SSL''
under the ``Cache'' tab. Isn't that rich. :-)
So there we have it, things have changed in more ways than may be apparent
on the surface. I'm sure this ``persistent caching'' thing is a security
enhancement, and would appreciate it if someone could explain why it was
added. It was only by accident that I discovered that the ``socket in
use'' error would prevent me from entering SOME secured sites (but not all,
as I was able to fill out a secured application on another server before
enabling ``Persistent Caching'' under ``Network'' preferences, ``Cache''
section.) I'm puzzled as to why ``Persistent Caching'' is needed in some
secured-server instances but not in others.
Like John LoVerso, I *don't think* JavaScript belongs in ``languages''
either. My question remains, were these toggles moved out of ``Security''
because Netscape no longer considers them a security issue.
Gene
--
``Imagine if every Thursday your shoes exploded if you tied them
the usual way. This happens to us all the time with computers,
and nobody thinks of complaining.'' -Jeff Raskin
______ gene@cup.hp.com
/\__ _\ ingram@pubs.holosys.com
\/_/\ \/ ___ __ _ __ __ ___ ___
\ \ \ /' _ `\ /'_ `\/\`'__\/'__`\ /' __` __`\
\_\ \__/\ \/\ \/\ \L\ \ \ \//\ \L\.\_/\ \/\ \/\ \
/\_____\ \_\ \_\ \____ \ \_\\ \__/.\_\ \_\ \_\ \_\
\/_____/\/_/\/_/\/___L\ \/_/ \/__/\/_/\/_/\/_/\/_/
/\____/
________________________\_/__/____________________________________
PGP UserID: "Gene Ingram <gene@cup.hp.com>"
Key Size: 1024 bits; Creation date: 21 March 1996; KeyID: 9FEBA191
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
--3D signature created courtesy of ``Figlet Ascii Font Converter''
<http://mediacube.datacom.de/cgi-bin/moniteurs/figlet>
Follow-Ups:
References: