[Previous] [Next] [Index]
[Thread]
Re: Java/Netscape security holes: hole du jour and summary
John Robert LoVerso wrote:
>
> > > Like John LoVerso, I *don't think* JavaScript belongs in ``languages''
>
> Correction: I did not say that that. Naturally, JavaScript belongs under
> Languages. What I did mention was that, IMHO, it didn't belong under
> the title "Java".
>
> John
Perhaps I misunderstood your original email. In your email of Thu, 02 May
1996 22:35:34 -0400, you said to Chris Woods <cjwoods@paladin.com> and
myself, and I quote, ``I personally think they shouldn't list "JavaScript"
under the Java language section, too.''
Correct me if I'm wrong, you're saying that although it DOES belong under
Languages, it doesn't belong ``under the title Java'' as you said in your
most recent email, meaning that Java should not be lumped together in the
Languages section with JavaScript?
If that is what you meant, then we're in agreement, since that is what I
*meant* to say above but obviously didn't express myself clearly there. (I
was referring to the ``Languages'' section in Netscape 3.0 in my initial
note where they lump together ``Java'' and ``JavaScript'', which contains
the toggles ``Enable Java'' and ``Enable JavaScript''. This was also an
aside from my real question regarding why they moved these toggles, which
I'll reiterate later.)
At the time I said this, I wasn't aware that all the security bugs had been
worked out with Netscape 3.0, and that it now poses no security risk to
corporations. Hopefully they'll do some P.R. work, for example at my
company, the firewall is not allowing me to run Java applets (and I *think*
they are disabling this for security reasons). It DOES allow me to run
JavaScript.
My initial question if I remember correctly, was this: Did Netscape
specifically move Java and JavaScript BOTH out of ``Security'' because users
could assume that BOTH (even though they're separate animals altogether, I
realize) pose no security risk whatsoever (and if that wasn't the reason,
was there another reason)? Also can I gather then, that you're satisfied
that Java and JavaScript *each* pose no security risk and therefore no
longer belong in ``Security''. (*Or conversely* do you think Java still
poses risks while JavaScript does not, or some other combination of
possibilities.)
I apologize for any confusion my note may have initially created. I'm in
the fact gathering mode to try to convince my company to turn-on Java applet
capability (at least in my division), if they haven't already done so in the
last day or two without my knowledge.
Gene
--
``Imagine if every Thursday your shoes exploded if you tied them
the usual way. This happens to us all the time with computers,
and nobody thinks of complaining.'' -Jeff Raskin
______ gene@cup.hp.com
/\__ _\ ingram@pubs.holosys.com
\/_/\ \/ ___ __ _ __ __ ___ ___
\ \ \ /' _ `\ /'_ `\/\`'__\/'__`\ /' __` __`\
\_\ \__/\ \/\ \/\ \L\ \ \ \//\ \L\.\_/\ \/\ \/\ \
/\_____\ \_\ \_\ \____ \ \_\\ \__/.\_\ \_\ \_\ \_\
\/_____/\/_/\/_/\/___L\ \/_/ \/__/\/_/\/_/\/_/\/_/
/\____/
________________________\_/__/____________________________________
PGP UserID: "Gene Ingram <gene@cup.hp.com>"
Key Size: 1024 bits; Creation date: 21 March 1996; KeyID: 9FEBA191
Key fingerprint: 93 E1 15 E6 35 BC B2 84 B2 7B 39 76 29 72 32 72
--3D signature created courtesy of ``Figlet Ascii Font Converter''
<http://mediacube.datacom.de/cgi-bin/moniteurs/figlet>
References: