From: shamrock@netcom.com (Lucky Green)
To: stevenw@best.com (Steven Weller)
Message Hash: ff693e748fe391205bb259863bade4bd23b9cd0f6df116aaf34b2ac64584123b
Message ID: <v02120d2cad7beeaa81ec@[192.0.2.1]>
Reply To: N/A
UTC Datetime: 1996-03-25 06:50:13 UTC
Raw Date: Mon, 25 Mar 1996 14:50:13 +0800
From: shamrock@netcom.com (Lucky Green)
Date: Mon, 25 Mar 1996 14:50:13 +0800
To: stevenw@best.com (Steven Weller)
Subject: Re: RISKS: Princeton discovers another Netscape security flaw
Message-ID: <v02120d2cad7beeaa81ec@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain
At 23:48 3/24/96, Perry E. Metzger wrote:
> When you build something large and complex, and
>you require that the entire thing work for you to be secure, there are
>just too many failure modes.
That just about sums it up.
Chisel these in granite:
o Thou shall not execute untrusted code. Java or no Java.
o Privileges that an user doesn't have can't be abused.
o The only safe firewall is a non-networked computer.
o A feature that doesn't exist won't introduce security holes.
Yes, I know that there is a balance between functionality and security.
Where to draw the line depends on the application.
-- Lucky Green <mailto:shamrock@netcom.com>
PGP encrypted mail preferred.
Return to March 1996
Return to “shamrock@netcom.com (Lucky Green)”
1996-03-25 (Mon, 25 Mar 1996 14:50:13 +0800) - Re: RISKS: Princeton discovers another Netscape security flaw - shamrock@netcom.com (Lucky Green)