[2054] in WWW Security List Archive
Re: Java Hole: Web Graffiti & Covert Channels
daemon@ATHENA.MIT.EDU (Dan Stromberg)
Fri May 10 19:52:14 1996
Date: Fri, 10 May 1996 14:23:25 -0700
From: Dan Stromberg <strombrg@hydra.acs.uci.edu>
To: "Donald T. Davis" <don@cam.ov.com>
CC: Jacob Rose <jacob@hummingbird.whiteshell.com>,
www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

Donald T. Davis wrote:
> the point of the complaint, is that java is supposed to be more
> secure than CGI; that's one of java's main design goals, and one
> which java has consistently failed to meet.

If x and y are both divisible by a small prime, that has no bearing on
whether x>y or x<y.

If java and CGI are both vulnerable to (or more accurately, "presumed
guilty by association with") a problem in something on which they both
depend, that has no bearing on whether java is more or less secure than
CGI.

Jobs was onto something by combining server and client execution. Both
are important.

> jacob rose replied:
> > Goodness, everyone. This is not a bug in Java! You can do this with a
> > CGI script! ... So, really, this problem has nothing to do with Java,
> > it's simply a consequence of hypertext.