[2670] in WWW Security List Archive
Re: ActiveX security hole reported.
daemon@ATHENA.MIT.EDU (Joe Andrieu)
Sat Aug 17 19:27:21 1996
Date: Sun, 18 Aug 1996 02:12:38 -0700
To: Alan Olsen <alano@teleport.com>,
Sean Robert Wilkins <srw134@email.psu.edu>,
Jeremey Barrett <jeremey@forequest.com>
From: Joe Andrieu <andrieu@association.org>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
At 11:00 AM 8/16/96 -0700, Alan Olsen wrote:
>At 05:03 AM 8/16/96 -0400, Sean Robert Wilkins wrote:
>> Actually i had a question of you are you a big fan of Java? or its
>>scripting. MS based or SUN?? There is always going to be a back door
>>somewhere.. or an invisible security problem..
>
>Java Script was not created by Sun. It was originally called "live Script"
>and was something that originated with Netscape. (I think they purchaced it
>from yet another company, but I am not certain. Need more coffee...)
Just to clear things up: Java != JavaScript
Java was created by Sun, and has had its history told quite thoroughly in
many media, including Wired.
JavaScript is a Netscape creation and has nothing to do with Java except for
the name - it was some sort of marketing gimmick they negotiated at some point.
Java, JavaScript, and ActiveX each have their own security weaknesses.
However, Java is the only one of the three which to my knowledge _began_
with a systemic security model.
On that vein, does anyone know anything about the Inferno security model?
(That's AT&T's soon-to-be-released network OS which has similar properties
to the Java paradigm.)
Cheers,
-j
--
Joe Andrieu Internet Developers Association
President http://www.association.org
andrieu@association.org
