[5139] in java-interest
RE: Netscape security => lame applets
daemon@ATHENA.MIT.EDU (Cay Horstmann)
Tue Jan 30 01:51:45 1996
From: Cay Horstmann <horstman@jupiter.SJSU.EDU>
To: "'Nathan Williams <nathanw@MIT.EDU>'" <nathanw@jupiter.SJSU.EDU>
Cc: "java-interest@java.sun.com" <java-interest@java.sun.com>
Date: Mon, 29 Jan 1996 10:46:17 -0800
The security model for sockets and URLs is the same.
The "denial of service" attack you outline has nothing to do with the
security restriction. You are concerned about the applet uploading gobs of
stuff, but it can do that now--from the originating host. It isn't
something to be greatly concerned about--just shut down Netscape.
There is a big difference between "giving arbitrary code any real
privileges on my system" and giving applets the right to read publicly
available URLs.
I find it a problem that so many security-conscious folks raise fears in
very general terms without being specific.
James Waldrop had it right. He specifically named the problem. The notion
of "publicly available" is different from the site originating the applet
and the site running the applet. If the applet runs inside a firewall, it
can access private Web pages and send them back to the originating host.
Not nice.
Here is a better model. Distinguish between two kinds of applets. One kind
can write back to the originating host but can only read from that host as
well. Another kind can read from any host but can write nowhere. The latter
kind would be my "information harvester".
Right now I solved my problem by writing a CGI script. But it is a pain.
You are certainly right that someone will come up with a way of making this
all more transparent.
Cay
horstman@cs.sjsu.edu
----------
From: Nathan Williams <nathanw@MIT.EDU>[SMTP:nathanw]
Sent: Monday, January 29, 1996 6:24 AM
To: Cay Horstmann
Cc: java-interest@java.sun.com
Subject: Re: Netscape security => lame applets
> Two points. First, security is important. I am NOT asking that the applet
> have ARBITRARY network and file system access. All I am asking is that the
> applet has THE SAME URL ACCESS AS THE AMBIENT BROWSER. This would not be
> rocket science to implement, and it would give applets the power of
> analyzing documents on the net that are already there for perusal by
> browsers.
I don't think the security model is different for accessing
URLs than for creating sockets. This may be a valid concern; I can
understand why you want the applet to go fetch documents and do
something with them. There is still a concern of having an applet go
out of control; if I'm on a 14.4 PPP link, I want the network traffic
to be under my control, and a malicious applet can still mount a
denial-of-service attack until I get around to killing the applet
and/or browser.
> Second, in a way I personally agree that applications are more interesting
> than applets. But that isn't where the action is. The action is definitely
> in applets. Consider my silly little weather applet. As an applet, it is
> trivial to use. You go to my web page, and you use it. Had it been an
> application, then you would have to download it to your computer first--an
> extra step that eliminates a lot of users.
But a necessary one for security reasons. Until there is some
kind of signing/authentication system for distributed code, I do not
want to give arbitrary code any real privileges on my system. There is
certainly an opportunity for Java to help the software installation
mess that exists today, but applets as they stand don't have any of
the necessary structure to provide it. There is a group at the MIT
Artificial Intelligence lab that has done some research on these
problems, and of using Java to help solve them; look at
http://www.ai.mit.edu/projects/transit/rc_home_page.html for details.
> The Java boosters promise that it will be a way out of the current mess
> with CGI and forms, but replacing it with a new mess of CGI, custom sockets
> and Java seems no better.
Java is only a first step; there is definitely a needed layer
of code for use in applets and servers to make writing interactive
network applets easy. Whether this layer is developed publicly and
absorbed into the Java distribution or privately and sold as a
developer's tool by some third party remains to be seen.
- Nathan <nathanw@mit.edu>
-
This message was sent to the java-interest mailing list
Info: send 'help' to java-interest-request@java.sun.com
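
The two-applet model proposed in the reply above, checked against the firewall case it describes. This is an added example, not code from the thread; the kind names, the AMBIENT case (browser-equivalent URL access plus writing back to the origin, as requested in the quoted message), and the host names are assumptions.

```java
import java.util.Locale;

public class AppletPolicyDemo {
    enum Kind { AMBIENT, ORIGIN_BOUND, HARVESTER }   // hypothetical names
    enum Op { READ, WRITE }

    // Assumption of this model: READ delivers data to the applet and carries
    // nothing the applet chose; WRITE sends applet-chosen data to the target.
    static boolean allowed(Kind kind, Op op, String origin, String target) {
        boolean sameHost = origin.toLowerCase(Locale.ROOT)
                .equals(target.toLowerCase(Locale.ROOT));
        switch (kind) {
            case AMBIENT:      // read whatever the browser can, write home
                return op == Op.READ || sameHost;
            case ORIGIN_BOUND: // read and write, but only to the origin
                return sameHost;
            case HARVESTER:    // read from any host, write nowhere
                return op == Op.READ;
            default:
                return false;
        }
    }

    // The firewall leak needs both steps to succeed: read a private page,
    // then send it back to the originating host.
    static boolean leakPossible(Kind kind, String origin, String privateHost) {
        return allowed(kind, Op.READ, origin, privateHost)
            && allowed(kind, Op.WRITE, origin, origin);
    }

    public static void main(String[] args) {
        String origin = "applets.example.com";   // constructed host name
        String intranet = "wiki.corp.example";   // constructed host name
        for (Kind k : Kind.values()) {
            System.out.printf(
                "%-12s read intranet=%-5b write origin=%-5b leak=%b%n",
                k,
                allowed(k, Op.READ, origin, intranet),
                allowed(k, Op.WRITE, origin, origin),
                leakPossible(k, origin, intranet));
        }
    }
}
```

Only the AMBIENT case lets both steps through. The model treats a read as carrying no applet-chosen data; a real URL fetch also carries a path and query string, so enforcing "write nowhere" has to account for the request itself.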