[1070] in java-interest

security

daemon@ATHENA.MIT.EDU (Ernest Friedman-Hill)
Thu Aug 17 23:48:05 1995

From: "Ernest Friedman-Hill" <ejfried@herzberg.ca.sandia.gov>
Date: Thu, 17 Aug 1995 17:51:40 -0700
To: java-interest@java.sun.com, hotjava-interest@java.sun.com

Someone just mentioned security (I hit delete a bit too quickly...).
I wanted to chime in on this subject, and vent some related ire.

(By the way, I'm aware of the dichotomy between the two groups I'm posting to -
the traffic on hotjava-interest is nearly zero though, so I'll assume that
most folks have blurred the distinction and just use java-interest.)

Anyway -
Hotjava security sucks! As you are allowed to post an arbitrarily-appearing
free-standing toplevel X/Window, your code can masquerade as anything it damn
well wants to. I'm surprised that the hotjava "security" folks are apparently
unaware of the work done on (c.f.) safe-tcl, and the mods made to the Tk
windowing toolkit to make it "safe" (for example, all toplevel windows
created from safe-tcl have warning stripes and are labelled "WARNING: UNSAFE".)

It also astonishes me that anyone could produce an embedded-language
web browser in such a way that the embedded code cannot access, for instance,
the widgets on the browser's currently displayed HTML form, but that's another
gripe altogether.

I'm bitching because I find it incredibly painful that such a potentially
cool thing as HotJava could have missed the mark so profoundly.  I mean, let's
face it kids, interpreted C/C++ is nothing new - it's the delivery platform
that has potential. And this one misses.

P.S. My vote on operator overloading: either take it out completely (the
string catenation exception is lame) or put it in completely (like C++.)
Java ain't a new language any more than elisp is new vis-a-vis clisp; be
simpler, or be compatible, but don't be different just to be different.

-- 

---------------------------------------------------------
Ernest Friedman-Hill
Senior Member of Technical Staff
Scientific Computing Department
Sandia National Laboratories
Org. 8117, MS 9214
PO Box 969 Livermore, CA 94550

-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
