Subject: Java insecurities
From: manuel . ricca @ pararede . pt
Date: 09 Dec 97 15:16:04 +0000
To: firewalls @ greatcircle . com (Non Receipt Notification Requested)
Alternate-recipient: Prohibited
Autoforwarded: FALSE
Conversion: Allowed
Conversion-with-loss: Allowed
Delivery-date: 09 Dec 97 15:16:06 +0000
Importance: normal
Message-type: Multiple Part
Original-encoded-information-types: Teletex
X400-content-type: P2-1984
X400-mts-identifier: [/PRMD=pararede/ADMD=ip/C=pt;ISOCOR-34719d8c-Tubarao]
X400-originator: manuel . ricca @ pararede . pt
X400-received: by /PRMD=pararede/ADMD=ip/C=pt; Relayed; 09 Dec 97 15:16:04 +0000
X400-recipients: firewalls @ greatcircle . com

Hello all,
There are a lot of products that block not certified ActiveX and Java applets.
Does anyone actually know what security risks are involved in Java applets?
I mean, if a Java applet cannot access the file system (right?), the only risk I can see
is it communicating with machines in the Intranet. If a good security policy is defined
this would cause no trouble, since the IP addresses could be hidden with NAT,
and the Web server would probably be in a DMZ anyway.
And what about JavaScript, that cannot be blocked?
And finally, is there a reason why you cannot certify Java applets?
Thanks,
manuel
-----------------
Manuel Ricca
ParaRede - Tecnologias de Comunicação, S.A.
R. D. Constantino de Bragança, 12 1400 Lisboa Portugal
Tel: +351 1 3020451
Fax: +351 1 3020444
E-mail: manuel . ricca @ pararede . pt