[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: java security concerns

To: Ray Cromwell <[email protected]>
Subject: Re: java security concerns
From: "Perry E. Metzger" <[email protected]>
Date: Tue, 10 Oct 1995 00:57:43 -0400
Cc: [email protected]
In-Reply-To: Your message of "Tue, 10 Oct 1995 00:42:27 EDT." <[email protected]>
Reply-To: [email protected]
Sender: [email protected]

Ray Cromwell writes:
>   Yes, it may be possible that exploiting holes in Java will be easier
> than those in sendmail, just as it is easier to exploit a hole in 
> software on a networked machine rather than a non-networked one. But this
> can not be an argument against Java or its utility. The same arguments
> were raised when Postscript first came out, yet the huge benefits
> of postscript are obvious, while the amount of security damage
> done by it is minimal.

Postscript is completely safe if the interpreter is emasculated, and
most of them are. (It is a huge risk when run on a non-emasculated
interpreter, but fortunately it is easy to castrate one of the things.)

Java isn't like that, unfortunately. I wish it was simply a
display-postscript like thing that built pretty pictures inside a
confined window -- I could trust that to be done right if it was done
carefully.

Perry

Follow-Ups:
- Re: java security concerns
  - From: Aleph One <[email protected]>
- Re: java security concerns
  - From: [email protected] (Dr. Frederick B. Cohen)

References:
- Re: java security concerns
  - From: Ray Cromwell <[email protected]>

Prev by Date: Re: Java bugs found?
Next by Date: Re: Java bugs found?
Prev by thread: Re: java security concerns
Next by thread: Re: java security concerns
Index(es):
- Date
- Thread