Java and Safe-TCL security (was Re: Java, Netscape, OpenDoc, and Babel)
Rich Salz
rsalz at osf.org
Fri Aug 4 14:14:33 PDT 1995
>the interpreter is made "safe" is to take a fully working tcl interpreter
>(with full priveleges) at run time, and use TclDeleteCommand() to remove
>offending commands. Safe-TCL is not emasculated at compile time, but at
>run time.
I have been told by folks at Sun that they are planning on doing it at
compile-time as well as at run-time. One of the concerns I conveyed
was that I want to make it easy to "pull out" the safe code and give
it a security audit.
/r$
More information about the cypherpunks-legacy
mailing list