From: Aleph One <aleph1@dfw.net>
To: “Perry E. Metzger” <perry@piermont.com>
Message Hash: d52e1f7aadff9f05c359d9d707b0e29f21fac0f07049a5796320d6cf47c37ee1
Message ID: <Pine.SUN.3.90.951010002834.2770A-100000@dfw.net>
Reply To: <199510100457.AAA00235@jekyll.piermont.com>
UTC Datetime: 1995-10-10 05:36:21 UTC
Raw Date: Mon, 9 Oct 95 22:36:21 PDT
From: Aleph One <aleph1@dfw.net>
Date: Mon, 9 Oct 95 22:36:21 PDT
To: "Perry E. Metzger" <perry@piermont.com>
Subject: Re: java security concerns
In-Reply-To: <199510100457.AAA00235@jekyll.piermont.com>
Message-ID: <Pine.SUN.3.90.951010002834.2770A-100000@dfw.net>
MIME-Version: 1.0
Content-Type: text/plain
Iam sorry I dont fallow your logic. You find Postscript files
save because you can set up the interpreter to ignore Postscript commands
to write to files and execute programms (check the CIAC alerts), yet
you find Java applets insecure even when you can set up the same
restrictions and more under HotJava (and hopefully Netscape)?
That does not compute. Granted Java is certanly more complex than postscriptm
it a genereric programming language, and will be used by more people.
But that same concept aply.
Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
On Tue, 10 Oct 1995, Perry E. Metzger wrote:
> Postscript is completely safe if the interpreter is emasculated, and
> most of them are. (It is a huge risk when run on a non-emasculated
> interpreter, but fortunately it is easy to castrate one of the things.)
>
> Java isn't like that, unfortunately. I wish it was simply a
> display-postscript like thing that built pretty pictures inside a
> confined window -- I could trust that to be done right if it was done
> carefully.
>
> Perry
>
Return to October 1995
Return to “sameer <sameer@c2.org>”