[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Securing ActiveX.
Why do people talk about sandboxes? Sandboxes are places
where people play. I want to run hostile code in a jail cell, with
carefully designed interfaces where my jailers can control the
messages it sends in and out.
If this is a game, why is Microsoft spending hundreds of
millions of dollars to put ActiveX everywhere? People are going to
start building safety critical systems with these toys, and should be
encouraged to engineer them for real world use.
Crypto relevance? Java is a pretty damned flexible tool for
writing pluggable cross platform modules, including crypto software.
It behooves us to make it solid. See
http://www.brokat.de/welcomee.htm (English version) for plugable
crypto. See Ross Anderson's Murphy's Law paper for why cross platform
is so important. http://www.cl.cam.ac.uk/users/rja14/
Adam
Blake Coverett wrote:
| I would be happier running an ActiveX control with Peter Trei's
| signature on it than I would an unsigned control in a sandbox.
| (This kind of a trust decision is probably the normal case in the
| intranet world. ActiveX as it sits is quite sufficient for rolling
| out internal intranet applications.)
--
"It is seldom that liberty of any kind is lost all at once."
-Hume