1995-10-10 - Re: java security concerns

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: Ray Cromwell <rjc@clark.net>
Message Hash: 2df96c49ef87cedf7e992724249b7c7dc26c4c769b526b6bfcc5403191308475
Message ID: <199510100457.AAA00235@jekyll.piermont.com>
Reply To: <199510100442.AAA10517@clark.net>
UTC Datetime: 1995-10-10 04:58:03 UTC
Raw Date: Mon, 9 Oct 95 21:58:03 PDT

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Mon, 9 Oct 95 21:58:03 PDT
To: Ray Cromwell <rjc@clark.net>
Subject: Re: java security concerns
In-Reply-To: <199510100442.AAA10517@clark.net>
Message-ID: <199510100457.AAA00235@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain



Ray Cromwell writes:
>   Yes, it may be possible that exploiting holes in Java will be easier
> than those in sendmail, just as it is easier to exploit a hole in 
> software on a networked machine rather than a non-networked one. But this
> can not be an argument against Java or its utility. The same arguments
> were raised when Postscript first came out, yet the huge benefits
> of postscript are obvious, while the amount of security damage
> done by it is minimal.

Postscript is completely safe if the interpreter is emasculated, and
most of them are. (It is a huge risk when run on a non-emasculated
interpreter, but fortunately it is easy to castrate one of the things.)

Java isn't like that, unfortunately. I wish it was simply a
display-postscript like thing that built pretty pictures inside a
confined window -- I could trust that to be done right if it was done
carefully.

Perry





Thread