[1570] in WWW Security List Archive
Re: _DNS_ security problems
daemon@ATHENA.MIT.EDU (Rich Salz)
Sat Mar 2 00:29:04 1996
From: Rich Salz <rsalz@osf.org>
Date: Fri, 1 Mar 1996 21:07:40 -0500
To: ekr@terisa.com
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>Saying java is responsible for fixing this problem, is like saying
>sendmail is responsible for fixing the syslog problem.
No.
If Java decides to add DNS to its trusted computing base, then Java is
responsible for knowing the implications of doing so. If java safety in
this area were based on IP addresses rather then an unsecured name/address
database, then there would be fewer concerns (modulo IP hijacking, etc.)
It all goes to reinforce the notion that security, even if watered-down under
the rubric safety, is generally not a game for amatuers.
/r$
