Perry:
By the way, I suggest that Sun should offer a large money prize for the first significant security hole found in the Java implementation. It's a tiny price to pay for security.
Chuck:
I don't think the lawyers would let us.
This is a shame. What reason would they have for not letting you? It could well be a very good marketing move. Maybe your marketing dept can convince the legal dept.
Would anyone be interested in a Java daemon that one could send arbitrary classes to in an attempt to subvert the runtime? I once thought this would be a good way to give safe exposure to the system in general. You know, sort of "here's a program that can feed classes to a Java runtime on a system which is known to have a file X on it. Try to return the contents of X."
It probably wouldn't be too useful beyond that, and it would only validate the classes you have access to, not necessarily the full set in a release. (hence my not doing it given its utility only in testing the core runtime)
That, and a cash reward for getting the contents would be even better.

--
sameer                                      Voice:  510-601-9777
Community ConneXion                         FAX:    510-601-9734
The Internet Privacy Provider               Dialin: 510-658-6376
http://www.c2.org (or login as "guest")     sameer@c2.org