From: Adam Shostack <adam@bwh.harvard.edu>
To: rjc@clark.net (Ray Cromwell)
Message Hash: dd0b6c7cc62daedb7fc54e1f036e3e48abff5ca7ef3d614bc7e8efe547a38423
Message ID: <9507281941.AA10821@leonardo.bwh.harvard.edu>
Reply To: <199507281754.NAA11499@clark.net>
UTC Datetime: 1995-07-28 19:41:57 UTC
Raw Date: Fri, 28 Jul 95 12:41:57 PDT
Subject: Re: Java, Netscape, OpenDoc, and Babel
Ray wrote, responding to me:
| > I suspect Ray is working in an environment less security
| > conscious than Perry's. Perry works on a lot of security-critical
| > applications where a lot of money is at stake. If I were going to go
| > after financial institutions, I'd definitely look at which ones were
| > using Java, and see what I could upload into their systems. Getting
| > copies of the recent files might be *very* informative. I'd be
| > worried if I were at Salomon Brothers.
| If a business wants high security, they probably shouldn't be running
| anything but mail. Even allowing users ftp access is dangerous
| because someone could download a trojan horse. My college took
| the /exec function out of IRC for this very reason. If data can
| get through a firewall by any means, DNS, mail, etc, it's possible to write
| some kind of program to send stolen information on those channels. Hell,
| there is a big enough problem with users bringing software from home
| into work and infecting company networks with viruses.

FTP is available by mail. So is web access. Marcus Ranum
(formerly of TIS) has written a TCP/IP over SMTP. (He doesn't
distribute it.)

The problem of securing a network in this environment is a
very difficult one. Parts of it can be shown to be hard, although
partial solutions are possible.

I suspect the risks are enhanced by easy-to-use clients, as is
the productivity of the workers. Many experts recommend studying each
service and deciding whether or not to allow it based on a risk
assessment. The size of Java makes it tough to evaluate, as does its
extensible nature. I'm tempted to agree with Perry that it's too big
and doesn't have enough fail-safes yet. I'd be much happier if the
Java execution environment did a chroot() before running any code, and
code went to the executor through a one way funnel. Making this
funnel truly one way limits the nifty things you can do with Java
substantially.

| Once you actually browse some HotJava web pages with HotJava, the
| ordinary Web becomes static and boring. It's like the difference between
| ftp and Netscape, or TinyMUD and LambdaMOO. There's just so much
| potential, especially for crypto-clients. Because Java provides a
| single development platform, single execution environment, GUI, and
| network access.

No argument here. I think Java is way nifty, and might be
enough of a killer app for me to upgrade to a PowerPC Mac.

Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
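
The chroot()-then-funnel arrangement suggested in the message above, sketched in C as an added example that is not part of the original message or of any Java runtime. The names `run_confined`, `executor`, `EXIT_NOT_CONFINED` and `UNPRIV_ID` are hypothetical, uid/gid 65534 is an assumed unprivileged account, and the "executor" only reads the bytes where an interpreter would run them.

```c
#include <grp.h>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

#define EXIT_NOT_CONFINED 77   /* hypothetical status: jail setup failed, nothing run */
#define UNPRIV_ID 65534        /* assumption: "nobody" on many Linux systems */

/* Child: confine first, then read the untrusted bytes. Never returns. */
static void executor(const char *jail, int code_fd)
{
    unsigned char buf[4096];
    ssize_t n;
    for (int fd = 0; fd < 256; fd++)  /* simplification: a real executor closes them all */
        if (fd != code_fd) close(fd);
    if (chroot(jail) != 0 || chdir("/") != 0)
        _exit(EXIT_NOT_CONFINED);     /* fail closed; chroot() needs root */
    /* root can escape a chroot, so give up root before touching the code */
    if (setgroups(0, NULL) != 0 || setgid(UNPRIV_ID) != 0 || setuid(UNPRIV_ID) != 0)
        _exit(EXIT_NOT_CONFINED);
    while ((n = read(code_fd, buf, sizeof buf)) > 0)
        ;                             /* an interpreter would execute buf here */
    _exit(n == 0 ? 0 : 1);
}

/* Returns 0 if the code was read inside the jail, EXIT_NOT_CONFINED if not, -1 on error. */
int run_confined(const char *jail, const unsigned char *code, size_t len)
{
    int fds[2], status;
    pid_t pid;
    signal(SIGPIPE, SIG_IGN);         /* a dead executor must not kill the sender */
    if (pipe(fds) != 0)
        return -1;
    if ((pid = fork()) == 0) {
        close(fds[1]);                /* executor holds the read end only */
        executor(jail, fds[0]);
    }
    close(fds[0]);                    /* sender holds the write end only */
    while (pid > 0 && len > 0) {
        ssize_t w = write(fds[1], code, len);
        if (w <= 0) break;            /* executor already gone (EPIPE) or I/O error */
        code += w; len -= (size_t)w;
    }
    close(fds[1]);
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return (len > 0 && WEXITSTATUS(status) == 0) ? -1 : WEXITSTATUS(status);
}
```

In this sketch the sender gets back nothing but the executor's exit status, and a caller without root sees `EXIT_NOT_CONFINED` rather than code running unconfined.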