[9613] in bugtraq
Applets listening on Sockets in Java
daemon@ATHENA.MIT.EDU (Gary McGraw)
Tue Feb 16 17:48:25 1999
Date: Tue, 16 Feb 1999 08:37:59 -0500
Reply-To: Gary McGraw <gem@RSTCORP.COM>
From: Gary McGraw <gem@RSTCORP.COM>
To: BUGTRAQ@NETSPACE.ORG
Bugtraq readers interested in what Java code can and cannot do
from a security perspective should see:
http://www.securingjava.com
where Ed Felten and I have placed the entire contents of our new book
"Securing Java" on the Web for free. (We wrote Java Security: HA HA
back in 1996.)
Data point: the new Java 2 security model makes no distinction
between applets and applications. The ability for Java code
to open a socket connection can be changed at the discression
of the VM's security policy manager.
gem
*------------------------------------------------------------------*
| Dr. Gary McGraw gem@rstcorp.com | (__) |
|-----------------------------------------| (oo) |
| Vice President | /-------\/ |
| Reliable Software Technologies (RST) | / | || |
| Sterling, VA | * ||----|| |
| <http://www.rstcorp.com/~gem> | ^^ ^^ |
*------------------------------------------------------------------*
