From: frantz@netcom.com (Bill Frantz)
Date: Wed, 31 Jan 1996 09:17:34 +0800
To: br@scndprsn.eng.sun.com (Benjamin Renaud)
Subject: Re: FL Demonstrates Fatal Flaw in Logins
Message-ID: <199601301931.LAA02257@netcom6.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At  8:49 AM 1/30/96 -0500, Perry E. Metzger wrote:
>Benjamin Renaud writes:
>> The only events a Java applet is privy to are those that are typed in
>> an applet window (and only those it itself spawned).
>
>Don't say "is privy". Say "is supposed to be privy". Doubtless bugs
>will appear in java security in the future -- they've shown up in the
>past.

My bigest worry about Java security is the size of its "security kernel". 
Having a small, well defined, security kernel is a big advantage.  All the
better if the source is available for public review.  Java has a large, and
to me somewhat undefined "security kernel".

(BTW - I havn't been able to find on the web pages the kind of overview of
the libraries which would make the detailed method descriptions make sense.
 Perhaps I havn't looked in the right place.)


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA