Great Circle Associates Firewalls
(June 1995)
 


Subject: Re: Hot Java Denial of Services Attack
From: Rick Smith <smith @ sctc . com>
Date: Fri, 9 Jun 1995 12:56:55 -0500
To: firewalls @ greatcircle . com

Fred Cohen notes:

>The following infinite loop will likely cause Hot Java to boil over:

>			for (i=0;(i==0););

Another of my hot buttons with Hot Java is that I haven't found a
statement of what client users can expect for behavior. Do you assume
there's always a person present while applets run?  Can applets always
be interrupted by the user? Are there integrity issues with such
interruptions?  Are directories readable by applets?  Do you assume
that _any_ file that may exist on the workstation is fair game for an
applet to ask for? Etc, etc.

The problem is, they're designing a programming language according to
the last generation's vision of language security issues. By leaving
these things unspecified they keep things flexible in the tradition of
conventional general purpose languages. But Java is more than that.

Automatic software distribution over the Net opens a whole universe of
problems. They have to be addressed somewhere. So far their security
story remains an incomplete fragment.

Rick.
smith @ sctc . com      roseville, minnesota
