Jeff wrote:
All of these security measures are implemented by Netscape in the current release. Specifically, Netscape Navigator 2.0beta2 includes all the applet security precautions detailed in the recent comp.lang.java posting. Netscape has been shipping the fixed applet security model for over a month(since 2.0Beta1), and Netscape and Sun continue to cooperate and work closely on applet security issues.
All of these are very conservative measures and they seem to be the best approach for the present. They do remove some of the more interesting features of Java. Sun commented to me in an interview that "we would not see a more complex security model until they adding encryption and digi-sig's, etc." My question is, can a corporate user replace the security class in Netscape. I understand that all the class libs are in an external file. While a virus might exploit this... my reason for asking is for corporate developers who are building "intra"net systems.. making some tweaks to the security class would give them the flexibility they need. Otherwise we have taken much of the fun out of Java. (for good reasons).