[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Calling other code in Java applications and applets
Marianne Mueller ([email protected]) writes that
>
>people need to be aware up front
>that calling native code from a Java applet disables
>any security that might otherwise be enforced for the applet.
>
Would it be more accurate to state that native code called by a
Java applet disables Java virtual machine security, but is still
bound by security policies enforced by the operating system itself?
It would be most unfortunate if a browser run by an unprivileged
user could attain "root" privileges by running a Java applet that
called an appropriate (or inappropriate) native method.
Of course, on inherently unprotected systems (PC's), there is
indeed no protection. Perhaps Java will cause vendors to improve
overall operating system robustness.
Martin Minow
[email protected]