[3358] in WWW Security List Archive
Re: Java Script
daemon@ATHENA.MIT.EDU (Paul Phillips)
Thu Oct 24 04:23:06 1996
Date: Wed, 23 Oct 1996 23:44:07 -0700 (PDT)
From: Paul Phillips <psp@well.com>
Reply-To: Paul Phillips <psp@well.com>
To: Adam Shostack <adam@homeport.org>
cc: jsw@netscape.com, www-security@ns2.rutgers.edu
In-Reply-To: <199610231601.LAA02821@homeport.org>
Errors-To: owner-www-security@ns2.rutgers.edu
On Wed, 23 Oct 1996, Adam Shostack wrote:
> This sort of thing points out the need for signed code &
> trusted software houses configurable at a sitewide level. Netscape's
> encouraging users to turn on Javascript opens the enterprise to
> weaknesses in the language. If the code needed to be signed, and site
> admins could control whose code was executed, then these problems
> would be more manageable; users could get LS from Netscape, their
> company, and no one else.
In NYC last week, various Netscape people promised that this capability
would exist for both Javascript and Java in 4.0. A little electronic
confirmation of that wouldn't hurt.
-PSP
