Re: Java Hole: Web Graffiti & Covert Channels

• To: "Donald T. Davis" <don@cam.ov.com>
• Subject: Re: Java Hole: Web Graffiti & Covert Channels
• From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
• Date: Fri, 10 May 1996 14:23:25 -0700
• CC: Jacob Rose <jacob@hummingbird.whiteshell.com>, www-security@ns2.rutgers.edu
• References: <199605101608.MAA01266@gza-client1.cam.ov.com>

Donald T. Davis wrote:
> the point of the complaint, is that java is supposed to be more
> secure than CGI; that's one of java's main design goals, and one
> which java has consistently failed to meet.

If x and y are both divisible by a small prime, that has no bearing on
whether x>y or x<y.

If java and CGI are both vulnerable to (or more accurately, "presumed
guilty by association with") a problem in something on which they both
depend, that has no bearing on whether java is more or less secure than
CGI.

Jobs was onto something by combining server and client execution.  Both
are important.

> jacob rose replied:
> > Goodness, everyone.  This is not a bug in Java!  You can do this with a
> > CGI script!  ...  So, really, this problem has nothing to do with Java,
> > it's simply a consequence of hypertext.

• Re: Java Hole: Web Graffiti & Covert Channels
• From: "Donald T. Davis" <don@cam.ov.com>

• Previous: Re: Verisign and Certificates
• Next: Re: Verisign and Certificates
• Index(es):
  • Index
  • Thread