From: "Harry S. Hawk" <habs@warwick.com>
Date: Thu, 16 Nov 1995 11:41:42 +0800
To: jsw@netscape.com (Jeff Weinstein)
Subject: Java Security Class in Netscape (was: Netscape rewards are an insult)
In-Reply-To: <30AAA306.64CF@netscape.com>
Message-ID: <199511160324.WAA25357@cmyk.warwick.com>
MIME-Version: 1.0
Content-Type: text/plain



Jeff wrote:
> All of these security measures are implemented by Netscape in the
> current release.  Specifically, Netscape Navigator 2.0beta2
> includes all the applet security precautions detailed in the recent
> comp.lang.java posting.  Netscape has been shipping the fixed
> applet security model for over a month(since 2.0Beta1), and
> Netscape and Sun continue to cooperate and work closely on applet
> security issues.

All of these are very conservative measures and they seem to be the
best approach for the present. They do remove some of the more
interesting features of Java. Sun commented to me in an interview that
"we would not see a more complex security model until they adding
encryption and digi-sig's, etc."

My question is, can a corporate user replace the security class in
Netscape. I understand that all the class libs are in an external
file. While a virus might exploit this... my reason for asking is for
corporate developers who are building "intra"net systems.. making some
tweaks to the security class would give them the flexibility they need.
Otherwise we have taken much of the fun out of Java. (for good
reasons).