[2606] in WWW Security List Archive
Re: ActiveX security hole reported.
daemon@ATHENA.MIT.EDU (Paul Rarey)
Wed Aug 14 05:10:35 1996
From: Paul Rarey <Paul.Rarey@Clorox.com>
Date: Tue, 13 Aug 1996 22:35:38 -0700
In-Reply-To: Stephen Cobb <stephen@iu.net>
"Re: ActiveX security hole reported." (Aug 13, 17:57)
Reply-To: Paul Rarey <Paul.Rarey@Clorox.com>
To: Stephen Cobb <stephen@iu.net>, trei@process.com
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Folks...,
Nice remedy... (I'm quite secure in the knowledge that) Java has a substantially
better security model than ActiveX {A/X}. --- Ooooo... I see some disputes!
Let's get them on the table - because that's how security gets better!
Point me to where this topic might be better discussed.... It's dear (deer?..:-)
to my heart.
I would be quite content to capitulate the whole issue if MS sicks with the
"A/X-In-Java" solution. Then all the community as to do, is to follow the Java
security model. Let MS/X do it's thing, but "do Java security" after "A/X"
releases the object, *do* the Jave thing!
--
Regards...,
[ psr ]
x2160
