[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")



On Fri, 3 May 1996, Bill Frantz wrote:

> At  9:03 AM 5/3/96 -0400, Perry E. Metzger wrote:
> >... The problem I have is
> >that I expect that increasingly pages will arise for which information
> >can only be extracted with the use of Java. Some flunky from some desk
> >will will come up and scream "what do you mean I can't get a copy of
> >Foo Corporation's merger press release because we won't run some
> >program! Thats bullshit! Do you know how much money the risk arb desk
> >pulls in, you twit! This must never happen again! Fix it immediately!"
> 
> to sell an OS with strong security features.)  The only thing I can suggest
> to you is, spend the bucks, desk real estate, confusion etc. and have two
> machines; a secure/reliable one and an insecure/unreliable one.  Make sure

As far as I can tell, Perry's requirements are that *no* uncertified "code" 
should be running anywhere inside the firewall, whether it be a java 
applet or a game disk brought in by a temp in settlements.

One application of Solid Oak could be used to help out here; many applets 
are not custom written for a single page, but are instead just instances 
of fairly standard code. If this code is signed for by the software house 
that produced the applet, then the code can be accepted or rejected based 
on a approved vendors list.  This works for most medium security applications

There are situations where this is not enough; normally these 
organisations will have there own security divisions capable of doing 
there own evaluations. In these cases, the local security division could 
sign the code, and the application on the desk be configured to only run 
applets authenticated by the local security team.

Simon
   
---
       We are a bunch of hackers, networked through the soil
       Fighting for the TCP we gained by honest toil
       And when our bytes were threatened, then the cry rose near and far
      "Hurrah for the Buggy GNU Hack that comes in lots of tars"