[62] in java-interest
definition of security and safe?
daemon@ATHENA.MIT.EDU (Brian.G.Beuning@att.com)
Mon May 8 14:21:04 1995
From: Brian.G.Beuning@att.com
Date: Mon, 8 May 95 12:57:47 CDT
To: java-interest@java.Eng.Sun.COM
Hi,
I read through the online documentation about the security
of Java in
doc:///doc/security/security.html
It seems like the Java implemetation is designed to prevent
(intentional or accidental) bad code from harming the computer
running the browser. So it makes sense that in java.lang.System
the execin() and execout() methods are restricted. Why isn't
exec() also restricted? It seems just as dangerous.
Some people define computer security in terms of not denying
users access to the machine. (For example, making a machine
reboot or trashing the passwd file denies users access so they
are security issues.) In that sense, shouldn't
java.lang.system.exit()
be restricted also? What if I have followed some long chain of
links to get to something interesting, and then reference a page
that has some Java code that calls exit()? At the very least I
will be upset, at the worst I may not be able to find the same
path again. So in a sense exit() could be used to deny me access
to my favorite browser.
My last point has to do with CPU load. What if someone writes
some Java code that fires off N threads that all are infinite
loops? Again I am being denied access to my machine (because
the browser is using all the CPU time).
I guess my basic question is
``What are the Java definitions of "security" and "safe"?''
Thanks,
Brian Beuning
-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
