[4297] in WWW Security List Archive
Re: Sceptic about (Funds Transfer w/o PIN)
daemon@ATHENA.MIT.EDU (Adam Shostack)
Sat Feb 8 14:18:45 1997
From: Adam Shostack <adam@homeport.org>
In-Reply-To: <1356806255-30963347@ac4.jjc.cc.il.us> from Robert Sheehy at "Feb 7, 97 11:50:41 am"
To: rsheehy@ac4.jjc.cc.il.us (Robert Sheehy)
Date: Sat, 8 Feb 1997 11:10:25 -0500 (EST)
Cc: skat@flask.com, WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Robert Sheehy wrote:
| Fixing the symptoms is not the answer. Quicken is not the problem, ActiveX
| is. Also it seems to me that all the problems with ActiveX would also
| translate into problems with Java, but so far it seems to have gone
| unmentioned!
Seems to me that the Java sandbox stands more in the way of
this than the need for a certificate. Once you sign the code, you're
golden with ActiveX. With Java, there's still a sandbox in place.
Giving the user the control to say 'No, I don't want Java to take over
my machine any time it runs' strikes me as a huge difference.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume