sameer@c2.org writes:
I go further. Java, as envisioned, cannot be made secure. It is too powerful a language. Furthermore, it is unnecessary for the tasks that it is used for, which are basically adding fancy wacky graphics and simple applications and such to web pages.
Even though that is all it is used for now, I think it was *intended* to be used for more.
So much the worse. I don't think its a good idea to download random programs and run them without even realizing it, especially when they run in an execution environment which is not particularly emasculated. I don't think this can be made particularly secure in the general case. It is a bad paradigm. I've said it before, and everything we've seen thus far about Java supports my contention. Perry