1996-04-27 - Re: The Joy of Java

Header Data

From: “Perry E. Metzger” <perry@piermont.com>
To: Scott Brickner <sjb@universe.digex.net>
Message Hash: 017feeae39cc8171a021a93c40a637a512d4e01434038296d8119e491a8aa090
Message ID: <199604270025.UAA01602@jekyll.piermont.com>
Reply To: <199604262131.RAA13066@universe.digex.net>
UTC Datetime: 1996-04-27 06:53:33 UTC
Raw Date: Sat, 27 Apr 1996 14:53:33 +0800

Raw message

From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 27 Apr 1996 14:53:33 +0800
To: Scott Brickner <sjb@universe.digex.net>
Subject: Re: The Joy of Java
In-Reply-To: <199604262131.RAA13066@universe.digex.net>
Message-ID: <199604270025.UAA01602@jekyll.piermont.com>
MIME-Version: 1.0
Content-Type: text/plain

Scott Brickner writes:
> Unfortunately, this last statement isn't really true.  To quote from the
> "Java Security" paper from some Princeton researchers:
>     The Java language has neighter a formal semantics nor a formal
>     description of its type system.  We do not know what a Java program
>     means, in any formal sense, so we cannot reason formally about Java
>     and the security properties of the Java libraries written in Java.
>     Java lacks a formal description of its type system, yet the security
>     of Java relies on the soundness of its type system.

I will point out that complete formal semantics exist for other,
perfectly practical to use languages, like Scheme.

>     We conclude that the Java system in its current form cannot easily
>     be made secure.  Significant redesign of the language, the bytecode
>     format, and the runtime system appear to be necessary steps toward
>     building a higher-assurance system. . . . Execution of remotely-
>     loaded code is a relatively new phenomenon, and more work is
>     required to make it safe.
> I do think that the ideas embodied in Java are very important, and will
> significantly shape the future of computing, but Java itself may be just
> a stepping stone on the way.

I go further. Java, as envisioned, cannot be made secure. It is too
powerful a language. Furthermore, it is unnecessary for the tasks that
it is used for, which are basically adding fancy wacky graphics and
simple applications and such to web pages.