[552] in java-interest
Re: Security
daemon@ATHENA.MIT.EDU (James C Deikun)
Fri Jun 30 11:46:53 1995
Date: Fri, 30 Jun 1995 11:32:30 -0400 (EDT)
From: James C Deikun <jcdst10+@pitt.edu>
To: Ryan Zerby <ryanz@daffy.netrex.com>
Cc: java-interest@java.sun.com
In-Reply-To: <9506300836.AA15580@www.netrex.com>
On Fri, 30 Jun 1995, Ryan Zerby wrote:
> Not being an expert on security, I have the following question:
>
> Is it possible to re-write the compiler and browser/interpreter so that it
> doesn't do the failsafes, thus allowing me to access another applet's private
> data? Couldn't I then link in some byte code that accesses material on the
> server-side and download that material for myself?
No.
> If not, what keeps me from doing that? Is there any protection against someone
> doing this (besides making sure that httpd can't get to anything important)?
a) the client doesn't send code to the httpd, it's t'other way around.
b) see the Security White Paper off the java home page (which is at
<URL:http://java.sun.com/) (the home page is, not the white paper).
--
James "bytecodes that don't byte" Deikun
-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
