[1450] in java-interest

Re: Security and Java

daemon@ATHENA.MIT.EDU (John D. Mitchell)
Sun Sep 3 08:26:51 1995

Date: Sun, 3 Sep 1995 02:06:10 -0700
From: "John D. Mitchell" <johnm@emf2-003.emf.net>
To: gandalf@viman1.viman.com (Matt Cline)
Cc: java-interest@java.sun.com
In-Reply-To: <9508311913.AA04146@claudius.viman.com>

Matt Cline writes:
[...] 
> Even if this can't be done directly by a HotJava app, it can trick your
> user into letting it.  For instance, if you have a UNIX site, the
> app could say "I need to have a certain environmental variable set.
> I'll be nice enough to put the setenv command into your .cshrc if you'd
> let me have access to it".  If the user is dumb enough to say "OK",
> there's probably not anything you could do to stop it.

What sorts of things can we as implementors and developers do to make this
sort of thing more difficult to do without making all of our systems
totally celibate (i.e., standalone)?


> Also, windows created by a HotJava app are currently indistinguishable
> from windows created by normal applications.  A HotJava app could
> theoretically masquerade as another application and get info/wreak havoc
> in this manner.

This was discussed at length by the various folks involved in the Safe-Tcl
work and they have done a good bit of work in this area.

Take care,
	John
-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
