[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java & Netscape security (reply to misc. postings)



> 3.  Postscript considered dangerous:   (insert-smiley) 
> 
> As for the question of someone invoking a postscript interpreter via a
> browser and thus opening up their system to some rogue postscript
> file: I think it would be great if either of these two things were to
> magically happen:
> 
> 	1) people would stop putting postscript docs on web pages
> 	because it's the wrong technology for WWW - it wastes
> 	bandwidth - it's hard to view & hence often ugly - everyone
> 	just prints it out anyway and then complains because there
> 	is no one "standard" implementation of postscript printing
> 	worldwide and there are dozens of minor problems
> 
> 	2) someone could implement a secure postscript previewer
> 	(whatever that means!) 
> 
> I doubt either of those two things will happen.  The average Jo on the
> internet needs to understand that when s/he downloads binary files
> over the internet and run them from insecure programs on their local
> computer, well, s/he runs some risk.  This risk might be tiny, but
> it's impossible to quantify loss.  If I lose a poem that I'm writing,
> to me that's priceless, so I do not intend to imply that loss of data
> isn't tragic for the person who loses it.  If you have data you can't
> bear to lose, be sure to practice safe computing.  Perform backups
> regularly, and use judgement about which interpreters and executable
> programs you allow to run on your PC.
> 
> Marianne

It seems clear from this that Netscape, or at least Marianne who seems
to speak for Netscpe, doesn't understand the protection issues that my
clients face.  I will nevertheless forward this official Netscape line
to them so they can better understand why I tell them it is insecure.

-- 
-> See: Info-Sec Heaven at URL http://all.net/
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236