Great Circle Associates Firewalls
(November 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: What about the next 20 Java-like applications? ( was Re: Java)
From: Mike Shaver <shaver @ neon . ingenia . com>
Date: Sun, 5 Nov 1995 13:48:52 -0500 (EST)
To: mjr @ iwi . com
Cc: firewalls @ greatcircle . com
In-reply-to: <199511042118 . QAA20513 @ switchblade . iwi . com> from "Marcus J. Ranum" at Nov 4, 95 04:18:21 pm 
Thus spake Marcus J. Ranum:
> 	If Java applets run with write permissions turned off, is
> it possible to write an applet that, when you run it, FTPs your
> password file, .rhosts file, $MAIL, etc, to a dead-drop? There
> might be useful stuff in those.

As per the Java documentation, applets do not (under the default
configuration) have any (direct) access to the filesystem.  It's
possible that they could impact the filesystem in some way if the
browser caches images, etc. loaded by the applet, and there's always
virtual memory exhaustion, but there's no direct access.  No reading,
no writing, no executing, no ogling of inodes, nothing.

Mike

-- 
#> Mike Shaver (shaver @
 ingenia .
 com) Ingenia Communications Corporation <#
#>                 UNIX medicine man -- dark magick, cheap!            <#
#>                                                                     <#
#>  When the going gets tough, the tough give cryptic error messages.  <#
#>          "We believe in rough consensus and running code."          <#
References:
Indexed By Date Previous: Info about Secure Net and Secure ID
From: Einar . Landre @ sdata . no (Einar Landre)
Next: Re: Info about Secure Net and Secure ID
From: Paul Ferguson <pferguso @ cisco . com>
Indexed By Thread Previous: Re: What about the next 20 Java-like applications? ( was Re: Java)
From: "Marcus J. Ranum" <mjr @ iwi . com>
Next: Re: What about the next 20 Java-like applications? ( was Re: Java)
From: Rick Smith <smith @ sctc . com>
Google
 
Search Internet Search www.greatcircle.com