[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: java security concerns




Ray Cromwell writes:
>   Yes, it may be possible that exploiting holes in Java will be easier
> than those in sendmail, just as it is easier to exploit a hole in 
> software on a networked machine rather than a non-networked one. But this
> can not be an argument against Java or its utility. The same arguments
> were raised when Postscript first came out, yet the huge benefits
> of postscript are obvious, while the amount of security damage
> done by it is minimal.

Postscript is completely safe if the interpreter is emasculated, and
most of them are. (It is a huge risk when run on a non-emasculated
interpreter, but fortunately it is easy to castrate one of the things.)

Java isn't like that, unfortunately. I wish it was simply a
display-postscript like thing that built pretty pictures inside a
confined window -- I could trust that to be done right if it was done
carefully.

Perry