[2052] in WWW Security List Archive

Re: Java Hole: Web Graffiti & Covert Channels

daemon@ATHENA.MIT.EDU (Jacob Rose)
Fri May 10 17:27:08 1996

Date: Fri, 10 May 1996 14:41:42 -0400 (EDT)
From: Jacob Rose <jacob@hummingbird.whiteshell.com>
To: "Donald T. Davis" <don@cam.ov.com>
Cc: www-security@ns2.rutgers.edu
In-Reply-To: <199605101608.MAA01266@gza-client1.cam.ov.com>
Errors-To: owner-www-security@ns2.rutgers.edu

> the point of the complaint, is that java is supposed to be more
> secure than CGI; that's one of java's main design goals, and one
> which java has consistently failed to meet.

Perhaps you didn't read my mail terribly thoroughly; if you have ANY
program proffer a link to another site, it can send you wherever it
pleases.  You can even consider a completely HTML "security risk," by the
same token, of simply mirroring someone else's site on your own.  You can
download their graphics and text, then doctor it, and make it look just
like the original, only raise their prices 100%, or make their product
look shoddy.  This is not a bug, it's simply a consequence of hypertext.
It's not really even a security issue.  It *is* however, an authentication
issue - are you really talking to who you think you're talking to?

                                   w h e r e
                                    w i l l
                                      W E
                                      b e
                                   ,-.i n
                                   ` / ----
                                   ,' ()()1  ?
                                   ~~~ ----
