Perry writes:
Ray Cromwell writes:
Yes, it may be possible that exploiting holes in Java will be easier than those in sendmail, just as it is easier to exploit a hole in software on a networked machine rather than a non-networked one. But this can not be an argument against Java or its utility. The same arguments were raised when Postscript first came out, yet the huge benefits of postscript are obvious, while the amount of security damage done by it is minimal.
Postscript is completely safe if the interpreter is emasculated, and most of them are. (It is a huge risk when run on a non-emasculated interpreter, but fortunately it is easy to castrate one of the things.)
I'm not clear on what you mean by emasculated. It seems to me that postscript interpreters are full of holes that can be exploited by a cleaver enough attacker. -- -> See: Info-Sec Heaven at URL http://all.net Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236