Re: Microsoft ammunition
>From Infoworld:
>
> March 24, 1997
>...
> If seamless, safe desktop access to remote files
> on the Internet is the goal, Microsoft is spinning
> its wheels. There is really only one way to
> provide these features without introducing a local
> security risk. You have to eliminate the
> possibility that anything you run can affect your
> local drives. Better still, get rid of your local
> drives.
The author misses the point. Whether your personal files are stored on a
local disk or on a server doesn't matter. What matters is whether random
downloaded code (again, Java or ActiveX doesn't matter) can use your
authority to read/modify those files. The ActiveX model of, "It's signed
by XYZ Corp. Of course it's safe." is so much bullshit.* The Java
approach of running untrusted code in a safe box is better, but doing it by
validating the safety of object code requires trusting a large complex
verifier.
* See Norm Hardy's paper, "The Confused Deputy", which I believe is still
available through the EROS page at the University of Pennsylvania.
-------------------------------------------------------------------------
Bill Frantz | Back from caving in Borneo.| Periwinkle -- Consulting
(408)356-8506 | Great caves. We mapped | 16345 Englewood Ave.
[email protected] | 25KM on the expedition. | Los Gatos, CA 95032, USA
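
The message's point, that what matters is whether downloaded code can use your authority over your files, shown as an added example that is not part of the original message. It is a toy in-memory model: the class names, principals ("user", "applet") and paths are all constructed for illustration, and Python itself does not enforce this isolation.

```python
# Toy model (constructed): ambient authority vs. handing over one capability.
# Python does not enforce this isolation; the classes only model the two designs.

class ToyFS:
    """In-memory files, each with the set of principals allowed to write it."""
    def __init__(self):
        self.data, self.writers = {}, {}

    def create(self, path, writers, content=""):
        self.data[path], self.writers[path] = content, set(writers)

    def open_for_write(self, principal, path):
        # Authority is checked against whoever asks for the open.
        if principal not in self.writers.get(path, set()):
            raise PermissionError(f"{principal} may not write {path}")
        return WriteHandle(self, path)

class WriteHandle:
    """A capability: holding it is the permission to write this one file."""
    def __init__(self, fs, path):
        self._fs, self._path = fs, path

    def write(self, content):
        self._fs.data[self._path] = content

def downloaded_code(open_file, scratch):
    """Stand-in for untrusted code: fills its scratch file, then tries the notes."""
    scratch.write("cache")
    try:
        open_file("/home/user/notes.txt").write("tampered")
    except PermissionError:
        pass

def run_ambient(fs):
    # Host runs the code as the user: every open carries the user's authority.
    as_user = lambda path: fs.open_for_write("user", path)
    downloaded_code(as_user, as_user("/home/user/scratch.tmp"))

def run_confined(fs):
    # Host grants one handle; opens the code makes are checked as "applet".
    as_applet = lambda path: fs.open_for_write("applet", path)
    downloaded_code(as_applet, fs.open_for_write("user", "/home/user/scratch.tmp"))

def demo(runner):
    fs = ToyFS()
    fs.create("/home/user/notes.txt", {"user"}, "private notes")
    fs.create("/home/user/scratch.tmp", {"user"})
    runner(fs)
    return fs.data["/home/user/notes.txt"], fs.data["/home/user/scratch.tmp"]
```

In both runs the files are stored in the same place; only the authority the code runs with differs, and only the ambient run lets the notes be overwritten.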