On Fri, 22 Mar 1996, Mr. Nick Keenan wrote:
> I went to the same demo -- last friday in Washington DC. Sun is really
> pushing Java, and they are running headlong into the security issues that
> this list faces every day. They are walking a tightrope between security
> and functionality.
Drat... I missed this!! After going through the JDK source I would have
loved to be there! I guess I'm no longer on their mailing list! :-)
> In its current incarnation Java can't write to a file, print, make OS
> requests, access the hardware, or connect via TCP/IP to anything other than
> the computer that provided the current applet.
Umm... there is a javaio superclass. It is up to the browser, app.,
etc. to defined the security constranints. Because Java was written for
doing more than WWW niceties, Java does have I/O capabilites. Listen to
Sun as they talk about Java and where it came from. They're intention
was the internet "toaster"! Gee... just what I want, to program my
toaster from my pee cee!
> Application developers such as myself have been critical: What can it do!
> All it can do is display pictures and output sound. It's a glorified
> television set!
> Security professionals, on the other hand, generally think it can do to
> much. How does Java verify where an applet came from? Are the connections
> secure? It its security model to be trusted?
For what it does now, I think we can implement a server push/client pull
scenario within the current context of HTML+ to do what Java is
> The problem I see is trying to create a one-size-fits-all security model.
It could be OK if they actually implemented this! You would be
surprised at the holes I found in one weekend of perusing the JDK code!
> Most likely you will end up with one-size-fits-none. Also, another problem
> I see is that Java tries to implement security on the user's desktop, where
> what you really want to do is implement it as part of the network and
> communications infrastructure.
Gee... someone who's caught on! I like it!!
> Just my $.02. Flame away.
No flames from here!
scott barman DISCLAIMER: I speak to anyone who will listen,
com and I speak only for myself.
From: Gavin Aiken <gavin @