Re: Java/Netscape security holes: hole du jour and summary

• To: Gene Ingram <gene@hpfsvr01.cup.hp.com">gene@hpfsvr01.cup.hp.com>
• Subject: Re: Java/Netscape security holes: hole du jour and summary
• From: John Robert LoVerso <loverso@osf.org>
• Date: Tue, 07 May 96 13:51:59 -0400
• cc: www-security <www-security@ns2.rutgers.edu>, jsw@netscape.com
• In-reply-to: Message from Gene Ingram <gene@hpfsvr01.cup.hp.com> <318F8793.3D0F@cup.hp.com> .

> If that is what you meant, then we're in agreement,

Yup.

As for Netscape's motivation about which section (security vs network)
they belong in, well, that's their call.  I originally thought the only
need to disable these would be for security reasons, but Jeff has made
good points on the contrary.  The buttons do indeed fit in both
catagories and it doesn't really matter where the buttons are, as long
as they are somewhere.

> Also can I gather then, that you're satisfied
> that Java and JavaScript *each* pose no security risk and therefore no
> longer belong in ``Security''.

If I was satisfied about that, I'd be the first to suggest removing the
buttons altogether.  A tiny part of me was still hoping they might
change the defaults to "disabled".  These are complicated facilities,
still undergoing lots of changes.  Its a safe bet to believe that the
last problems haven't been found (or even introduced yet).

John

• From:

• Previous: Re: Java/Netscape security holes: hole du jour and summary
• Next: encryption export bill
• Index(es):
  • Index
  • Thread