[45631] in Cypherpunks


Re: Java and timing info - second attempt

daemon@ATHENA.MIT.EDU (Bill Frantz)
Tue Dec 19 17:39:41 1995

Date: Tue, 19 Dec 1995 12:21:03 -0800
To: Andrew Loewenstern <andrew_loewenstern@il.us.swissbank.com>,
        Jim_Miller@bilbo.suite.com
From: frantz@netcom.com (Bill Frantz)
Cc: cypherpunks@toad.com

>Jim Miller (jim_miller@bilbo.suite.com) writes:
>Of course it would be a lot easier for the applet to just try to read the  
>secret key file, encrypt it with an embedded public key, and post it to  
>alt.anonymous.messages.

If I understand Java security correctly, the applet can just send data back
to the server it was loaded from, but can't read random files on the
machine it runs on (even if the user running it can read them).  Java is
beginning to become clueful about the idea that a program is not the same
as the person running it, and should not have the same privileges.  In this
area, most OSs (including Unix) are totally clueless, which is why the
Orange Book has mandatory security requirements at the "B" and above
levels.


-----------------------------------------------------------------
Bill Frantz                   Periwinkle  --  Computer Consulting
(408)356-8506                 16345 Englewood Ave.
frantz@netcom.com             Los Gatos, CA 95032, USA


