[2822] in WWW Security List Archive
Re: Applet security (was Re: ActiveX security hole reported).
daemon@ATHENA.MIT.EDU (Alireza Bahreman)
Tue Aug 27 20:36:53 1996
Date: Tue, 27 Aug 1996 15:05:08 -0700
To: Michael Burati <burati@apollo.hp.com>,
"David M. Chess" <CHESS@watson.ibm.com>, www-security@ns2.rutgers.edu
From: Alireza Bahreman <bahreman@eit.com>
Errors-To: owner-www-security@ns2.rutgers.edu
EIT has developed two approaches for Applet Security (no fine grain auth):
1) Use RSA to sign applets and verify at the browser side before allowing access
2) Wrap Applets inside MOSS messages (secure MIME)
we have also thought of another alternative which we have not developed or
tested. That is use of SSL to download applets (as in https://blaw.blaw...).
If you like to get more information, visit our website at eco.eit.com. I would
like to hear comments/suggestions from interested parties...
There are other approaches and implementations as well elsewhere...
Ali
>I haven't had time to keep up with what's being done in this area, so if some-
>one is already working on the above (fine grain authz, not just signing) I'd
>like to hear about it...
>
>..Mike
>
