In message <9510091458.AA27858@alpha>, Mike McNally writes:
Jack P. Starrantino writes:
Given JAVA's i/o capabilities
Java, per se, doesn't have any "I/O capabilities", in the same way that neither C nor C++ do. That said, it is the case that if your mail reader allows incoming applets to send mail, you're in for trouble.
As far as I know Java apps can only make network connections to the IP address they were loaded from. There may be more restrictions then that as well. So if they were going to mail-bomb they would have to hurt the site that was giving out the Java app (by sending all the mail to it to be relayed back), and in fact it could be done more effectavly with a "simple" CGI script. This isn't to say it is infeesable - someone could write a gereral purpose Java applet (say something that makes cool looking animated bullets for lists) that when loaded from a specific IP address/domain (say www.clueless.org) would then do something bad. However exactly who you can harm isn't exactly as broad as I assume "pranksters" would like, and how badly you can harm them may not be as harmful as "terrorists" would like, but it seems to be simpler to do then *I* would like! OBcrypto: in one of the Java papers I saw a refrence to use of RSA signitures to allow browser users to say things like "I trust Sun (or Tim May) to write applets that use Foo not to harm me". It wasn't in the public release of HotJava because of licencing constrints. Any speculation on whether Netscape will (eventually) support that feature?