[882] in java-interest

Re: Private variables in java libraries

daemon@ATHENA.MIT.EDU (Futplex)
Sun Aug 13 05:41:16 1995

To: java-interest@java.sun.com
Date: Sun, 13 Aug 1995 01:19:39 -0400 (EDT)
Reply-To: java-interest@java.sun.com
In-Reply-To: <199508100530.WAA23204@webrunner.neato.org> from "owner-java-interest-digest@java.sun.com" at Aug 9, 95 10:30:57 pm
From: futplex@pseudonym.com (Futplex)

Guy Elliott writes:
>I realize that you are not allowed to extend packages on the client side for
>security reasons, but since this is so, I would like to request that in 
>future implementations of the Java libraries, fewer variables (such as
>serverOutput and serverSocket) are set as protected or private, or are there
>security issues behind this as well?  If this is so, then maybe there should
>be another protection mode (such as netprotected), that can be freely
>accessed if that type of security is turned off in the browser but which is
>protected if security against it is turned on.  I realize that this could be
>a security hole for an enterprising hacker but at least it would be one that
>needed to be consciously turned on by the owner of the browser.

*flame on, for the first time in months*

Oh, like the "click here if you never want to see these nagging security
hazard warnings again" dialog box in Netscape? I bet hardly _anyone_
ever presses that and promptly forgets about it.

It's enough of a challenge as it is to develop reasonably secure applications,
without having holes deliberately torn in the source language.

>Just a thought to vent my frustration at having a fairly simple coding 
>problem turned into a lot of work.

Well, I'm genuinely sorry to hear it, but writing code in a fairly
secure environment won't be a walk in the park any time soon. Perhaps you
should consider using a language that's designed with less serious (or no)
consideration for network security issues. We're up to our necks in such
languages, after all. You can keep the thousands of languages that let you
do all sorts of weird insecure things, but I for one would like to see
Java remain relatively unsullied.

*flame off, hopefully for a while*

FWIW, I vote against "optional protection" in Java.

-Futplex <futplex@pseudonym.com>
"I wish I was a Kellogg's Corn Flake, floating in my bowl, taking movies" -S&G
"We have to shout above the din of our Rice Krispies" -The Police
-
Note to Sun employees: this is an EXTERNAL mailing list!
Info: send 'help' to java-interest-request@java.sun.com
