From: frantz@netcom.com (Bill Frantz)
To: br@scndprsn.eng.sun.com (Benjamin Renaud)
Message Hash: eeaf82d17e315b195970a38866ce97cf51e32c44c225b563d0ea9557833f1f18
Message ID: <199601301931.LAA02257@netcom6.netcom.com>
Reply To: N/A
UTC Datetime: 1996-01-31 01:17:34 UTC
Raw Date: Wed, 31 Jan 1996 09:17:34 +0800
From: frantz@netcom.com (Bill Frantz)
Date: Wed, 31 Jan 1996 09:17:34 +0800
To: br@scndprsn.eng.sun.com (Benjamin Renaud)
Subject: Re: FL Demonstrates Fatal Flaw in Logins
Message-ID: <199601301931.LAA02257@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
At 8:49 AM 1/30/96 -0500, Perry E. Metzger wrote:
>Benjamin Renaud writes:
>> The only events a Java applet is privy to are those that are typed in
>> an applet window (and only those it itself spawned).
>
>Don't say "is privy". Say "is supposed to be privy". Doubtless bugs
>will appear in java security in the future -- they've shown up in the
>past.
My bigest worry about Java security is the size of its "security kernel".
Having a small, well defined, security kernel is a big advantage. All the
better if the source is available for public review. Java has a large, and
to me somewhat undefined "security kernel".
(BTW - I havn't been able to find on the web pages the kind of overview of
the libraries which would make the detailed method descriptions make sense.
Perhaps I havn't looked in the right place.)
-----------------------------------------------------------------
Bill Frantz Periwinkle -- Computer Consulting
(408)356-8506 16345 Englewood Ave.
frantz@netcom.com Los Gatos, CA 95032, USA
Return to January 1996
Return to “frantz@netcom.com (Bill Frantz)”
1996-01-31 (Wed, 31 Jan 1996 09:17:34 +0800) - Re: FL Demonstrates Fatal Flaw in Logins - frantz@netcom.com (Bill Frantz)