Great Circle Associates Firewalls
(June 1995)
 


Subject: Re: Java and HotJava security issues (fwd)
From: peter @ nmti . com (Peter da Silva)
Date: Thu, 8 Jun 1995 18:28:27 -0500 (CDT)
To: brogers @ integctr . com (Brian Rogers)
Cc: ken @ bridge . com, firewalls @ GreatCircle . COM, fwesterv @ hub . eng . wayne . edu
In-reply-to: <Pine . LNX . 3 . 91 . 950608162708 . 6083C-100000 @ user-svr . integctr . com> from "Brian Rogers" at Jun 8, 95 05:10:58 pm

> You could block URLs, but the http proxy could also scan for Java code.
> Java code could be removed, or a heuristic scan could be applied to the
> Java code that would check for things like editing of .rhosts, piping
> /etc/passwd into /bin/mail, or whatever.  This may be too complex for a 
> simple (and therefore secure) firewall.

According to the description I read, Java is a "secure" language. That means
there is no mechanism in the language to interact with anything outside the
language. You can't operate on files, sockets, or streams... which rules
out execing programs, editing .rhosts, connecting to other network connections
or the X server, and so on...

Now I realise that this is my interpretation, but it's been consistent with
all commentary from Sun so far. If it's true, then is there any way that a
Java program could violate security that HTML couldn't?

Incidentally, I provide a network service from my home PC that includes a
pair of such languages: MUF (a Forth dialect), and MPI (a sort of bastard
cross between Lisp and awk). If you want to check out what you can do from
a secure language, let me know.

