>Date: Tue, 30 Jul 1996 19:40:17 -0400
>From: Russ <Russ.Cooper@RC.Toronto.on.ca>
>Subject: RE: Java security
>For all those who think that filtering Java applets is the way to go,
>think of this. I set my Netscape cache to never expire. I take my
>portable home and access the Internet through my private connection and
>download a malicious applet. I go back into the office to show everyone
>this neat new applet I've found. Bingo, the applet can run despite the
>wonderful filter on the Firewall. I'm not even trying to be malicious,
>I'm just an uneducated user...;-]
But this is where a well stated, executed, watched, etc. security policy
comes in. This is also where those who are concerned about security educate
their user community against the dangers you've written about. What I have
found is that most companies put these measures in place, secure their
firewalls, come up with a security policy, but don't prevent this or users
from adding modems to their machines and dialing out to ISPs to grab these
applets.
>We need a way to turn off what we consider insecure, and prevent it from
>being turned on again by the user. This doesn't exist in any browser
>that I've seen so far, but it will be more possible when the browser and
>the OS are the same thing, when we can use authentication servers to
>provide permission profiles back to the OS.
Now you're talking about the "NC" (Larry Ellison would love you :-). What
about those of us who will never use these things and have an X terminal or
a workstation on our desks? Maybe someone should consider adding this to the
httpd proxies and telling the Netscapes and Microshafts of the world to
allow the proxy to also broker the configuration parameters for the browsers
that connect to it. Just a thought.
scott barman
barman@ix.netcom.com
http://www.netcom.com/~barman