[48708] in Cypherpunks
Re: FL Demonstrates Fatal Flaw in Logins
daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Jan 30 14:46:37 1996
Date: Tue, 30 Jan 1996 11:34:43 -0800
To: perry@piermont.com, br@scndprsn.eng.sun.com (Benjamin Renaud)
From: frantz@netcom.com (Bill Frantz)
Cc: cypherpunks@toad.com
At 8:49 AM 1/30/96 -0500, Perry E. Metzger wrote:
>Benjamin Renaud writes:
>> The only events a Java applet is privy to are those that are typed in
>> an applet window (and only those it itself spawned).
>
>Don't say "is privy". Say "is supposed to be privy". Doubtless bugs
>will appear in java security in the future -- they've shown up in the
>past.
My bigest worry about Java security is the size of its "security kernel".
Having a small, well defined, security kernel is a big advantage. All the
better if the source is available for public review. Java has a large, and
to me somewhat undefined "security kernel".
(BTW - I havn't been able to find on the web pages the kind of overview of
the libraries which would make the detailed method descriptions make sense.
Perhaps I havn't looked in the right place.)
-----------------------------------------------------------------
Bill Frantz Periwinkle -- Computer Consulting
(408)356-8506 16345 Englewood Ave.
frantz@netcom.com Los Gatos, CA 95032, USA
