[2891] in WWW Security List Archive
Re: Applet security (was Re: ActiveX security hole reported).
daemon@ATHENA.MIT.EDU (Paul Rarey)
Wed Sep 4 17:58:01 1996
From: Paul Rarey <Paul.Rarey@Clorox.com>
Date: Wed, 4 Sep 1996 13:16:12 -0700
In-Reply-To: Michael Burati <burati@apollo.hp.com>
"Re: Applet security (was Re: ActiveX security hole reported)." (Sep 3, 13:03)
Reply-To: Paul Rarey <Paul.Rarey@Clorox.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
On Sep 3, 13:03, Michael Burati wrote:
[ snip ]
>>I would be very reluctant to authorize actions based on specific certs. I
>>either trustem or I don't. Authorizations should be based on the authenticated
>>object.
>
>It seems like that would cause even more of a scalability problem (authz per
>object, where the objects could be each of XYZ corps' hundred products, vs
>"I trust any applet from XYZ corp to access the file system outside of the
>default sandbox")
>
>..Mike
What price vigilance?
Best regards...,
Paul S. Rarey The Clorox Company Ph: 510.271.2160
Systems Architecture & 1221 Broadway Fx: 510.208.1520
Electronic Munitions Oakland, Ca. 94612-1888 USA