[1855] in java-interest


Java and security

daemon@ATHENA.MIT.EDU (Scott Barman)
Mon Sep 18 20:40:56 1995

Date: Mon, 18 Sep 1995 11:00:08 -0400 (EDT)
From: Scott Barman <scott@Disclosure.COM>
To: java-interest@java.sun.com

This is a resend since I have not seen this come back from the mailing
list (nor have I seen a comment).  If you are seeing this for the second
time, I apologize.

scott barman
---------- Forwarded message ----------
Date: Fri, 15 Sep 1995 16:56:13 -0400 (EDT)
From: Scott Barman <scott@di>
To: java-interest@java.sun.com
Subject: Java and security

It was suggested by Chuck McManis (cmcmanis@scndprsn.eng.sun.com) that I
might want to bring the following question to this list.  So, here I
am.  The following is a paraphrase of a question I put to the
Firewalls mailing list:

I was wondering if anyone has done a security analysis on allowing Java
applets behind a firewall?  Security is a concern and I do not believe
the on line information (java.sun.com) has enough information for me
(although Mr. McManis assured me that more information is forthcoming).

My concern is with the client to this (Hot Java?  Some day I have to get
a history and reasoning behind the name :-).  What happens when the
client systems are NT or Windoze 3.1 or 95?  The latter two are
certainly lacking in security functions and NT is questionable (for
much the same reasons a desktop Unix workstation may be questionable...
depending on company policy).  Am I opening up a can of worms :-) by
letting applets into the network?

I need feedback from anyone who has run or evaluated Java, specifically
the client, with security in mind.  Can I transfer a file?  Create a
file?  Erase a file?  How about uploading more than bytecode:
binaries?  What would happen if an applet transfers what it might
think is an image but be executable code that an applet, or some other
program, can trigger to execute (that would be a Windoze-based problem)?
Is it possible?

I am interested in hearing from people other than from Sun (sorry guys,
I need another view).

TIA

scott barman
--
scott barman                  DISCLAIMER: I speak to anyone who will listen,
scott@disclosure.com                      and I speak only for myself.
barman@ix.netcom.com
  "Micro$oft and Windoze/NT will be the cause of the de-evolution of
   network security just as the original PC and BASIC was the cause of
   the de-evolution of programming."

-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
