Thought I'd reply to the firewall list as well. If you are concerned about
Java you may want to know about this, esp. the applets part below.
- I don't know if this is any type of real threat to firewalls but I don't
have lots of time to research and would like to hear others opinions.
The real issue here is how many other projects for browsers and languages
are in the works and will "the security folks" (us?) sponsor any as secure?
Hmm.... A comittee on security standards for internet "applet" languages....
Ouch! Looking at IETF groups is how I found this in the first place.
At 01:09 PM 4/24/96 -0400, F. L. Charles Seeger III wrote:
>| Are Grail and Python a copycat of Java and JavaScript? Is it even
>| competition? Who needs nightmares, just read the news.
>
>Never heard of Grail. Would you please forward any references that
>you might have about it?
http://www.cnri.reston.va.us/ is an interesting home page for the IETF's
parent organization. Both are under Projects.
>
>Python has been around a number of years, so it easily predates Java.
>I've never used it personally, but it sounds like more of a perl
>competitor, used by people that tend to find perl code to be "write-only",
>much like APL was considered by many in the mainframe days. As you may
>already know, python has its own Usenet newsgroup, comp.lang.python.
No, I didn't. Just happened on it while exploring but plan to check it out
"someday". From the Grail doc it sounds like direct competition.
You can read the following yourself in HTML color format at :
http://monty.cnri.reston.va.us/grail-0.3/
--------------------------------------------------
"Introduction
Grail is an extensible Internet browser. It supports the protocols and file
formats commonly found on the World-Wide Web, such as HTTP, FTP, and HTML,
but, unlike most browsers, it is also easily extended to support other
protocols or file formats, such as CNRI's handle protocol. Grail is
Distributed by CNRI free of charge, and can be freely redistributed (within
reason).
Grail is written and extensible in Python, a free object-oriented programming
language. It also uses Tk, a free UI toolkit by John Ousterhout. Grail
should run on any Unix system to which Python and Tk have been ported - i.e.
almost all Unix systems supporting X11. In particular, Grail is one of the
few web browsers that support Solaris for Intel x86 processors. Mac and
Windows ports are in the works, depending on stable ports of Tk to those
platforms (and a lot of RAM).
Applets
Grail lets you download fragments of Python code that execute inside the
browser on your local machine. These little Python applications ("applets")
can do things like display animations, interact with the user in new ways,
even create additional menus that pop up dialogs if you like. If you are
using Grail 0.3 " etc....
--------------------------------------
I don't know if this is any type of real threat to firewalls but I don't
have lots of time to research and would like to hear others opinions.
The real issue here is how many other projects for browsers and languages
are in the works and will "the security folks" (us?) sponsor/identify any as
secure?
Hmm.... A comittee on security standards for internet "applet" languages....
Ouch! Looking at IETF groups is how I tripped on this in the first place.
Adam Safier
CSC-SED-Infosec
asafier @
csc .
com
Expressed opinions are my own and do not reflect the views and opinions of
my employer.
|
|
