Re: Why I dislike Java. (was Re: "Scruffies" vs. "Neats")
At 23:37 5/2/96, Jeff Weinstein wrote:
Perry E. Metzger wrote:
Netscape with Java cannot be so tested because important components come down off the net. So no, I'm not holding Netscape with Java to a higher standard. I'm very much holding it to the same standard.
The Netscape Administration Kit will allow a site security admin to create a configuration that disables Java, and does not allow the user to enable it. If your customers require netscape, perhaps this is an option that will make you more comfortable.
Does it prevent the user from downloading an unrestricted copy from Netscape's ftp site or installing one brought from home? Disclaimer: My opinions are my own, not those of my employer. -- Lucky Green <mailto:shamrock@netcom.com> PGP encrypted mail preferred.
Does it prevent the user from downloading an unrestricted copy from Netscape's ftp site or installing one brought from home?
No, but that's what policies like "We find Netscape 2.0 on your machine and you are fired the next day" are for. (I know of one major silicon valley computer manufacturer with such a policy. Others probably exist as well.) -- Sameer Parekh Voice: 510-601-9777x3 Community ConneXion, Inc. FAX: 510-601-9734 The Internet Privacy Provider Dialin: 510-658-6376 http://www.c2.net/ (or login as "guest") sameer@c2.net
Lucky Green wrote:
At 23:37 5/2/96, Jeff Weinstein wrote:
Perry E. Metzger wrote:
Netscape with Java cannot be so tested because important components come down off the net. So no, I'm not holding Netscape with Java to a higher standard. I'm very much holding it to the same standard.
The Netscape Administration Kit will allow a site security admin to create a configuration that disables Java, and does not allow the user to enable it. If your customers require netscape, perhaps this is an option that will make you more comfortable.
Does it prevent the user from downloading an unrestricted copy from Netscape's ftp site or installing one brought from home?
Yes. One of the things that you can configure is an addition to the user agent string, so xyz corp can make it Mozilla/3.0XYZ. You can then configure your proxies and servers to only accept clients with that string. Note that this is not 100% hack proof. Someone on your network who knew what they were doing could circumvent this by hacking their own browser, but it will keep normal users from subverting the system. --Jeff -- Jeff Weinstein - Electronic Munitions Specialist Netscape Communication Corporation jsw@netscape.com - http://home.netscape.com/people/jsw Any opinions expressed above are mine.
participants (3)
-
Jeff Weinstein -
sameer@c2.org -
shamrock@netcom.com