On Tue, 17 Dec 1996, Blake Coverett wrote:
It's not a Java vs ActiveX thing for me at all. What is important is that some of the applets I write can't function in a sandbox, they need access to the disk and other resources for business reasons. For this type of thing signed code without a sandbox is the only choice.
Sure they can. Get a file system that honors security and limit that applet's access to certain directories only where the data it needs lives. Do not give it access to everything. A sandbox will allow this.
What I'd really like is the sort of thing Bill Frantz is describing on another branch of this thread. Signed code and an administrator defined policy that specified for a given signature exactly what types of resources should be accessible. Anything from don't execute and audit a security alarm to complete access to the whole machine.
Same difference whether you use the signature or some other thing to grant or revoke access to certain resources. Though if you use a signature as in the author who wrote it as opposed to something like a CRC which is unique for every control - then you are opening a wider hole than you want. With apps like that you want to set security perms for each application, not all applications that were written by Macrosoft. :)
How many users know how to download the jdk and run the java vm locally?
They don't need to. All they need to do is unzip the java classes into their classpath and all of the normal restrictions on an applet are ignored. Think it would be very hard to persuade a user to do just that in order to play a kewl java game? More importantly it shows that even expert users don't always know where the holes in the sandbox are.
Fine - how many game users who how to unzip the java classes into their classpath? Question is of knowledge not of what action they will take. =====================================Kaos=Keraunos=Kybernetos============== .+.^.+.| Ray Arachelian | "If you're gonna die, die with your|./|\. ..\|/..|sunder@sundernet.com|boots on; If you're gonna try, just |/\|/\ <--*-->| ------------------ |stick around; Gonna cry? Just move along|\/|\/ ../|\..| "A toast to Odin, |you're gonna die, you're gonna die!" |.\|/. .+.v.+.|God of screwdrivers"| --Iron Maiden "Die With Your Boots on"|..... ======================== http://www.sundernet.com =========================