Java and timing info - second attempt
Bill Frantz
frantz at netcom.com
Tue Dec 19 12:22:25 PST 1995
>Jim Miller (jim_miller at bilbo.suite.com) writes:
>Of course it would be a lot easier for the applet to just try to read the
>secret key file, encrypt it with an embedded public key, and post it to
>alt.anonymous.messages.
If I understand Java security correctly, the applet can just send data back
to the server it was loaded from, but can't read random files on the
machine it runs on (even if the user running it can read them). Java is
beginning to become cluefull about the idea that a program is not the same
as the person running it, and should not have the same privileges. In this
area, most OSs (inluding Unix) are totally clueless, which is why the
Orange Book has mandatory security requirements at the "B" and above
levels.
-----------------------------------------------------------------
Bill Frantz Periwinkle -- Computer Consulting
(408)356-8506 16345 Englewood Ave.
frantz at netcom.com Los Gatos, CA 95032, USA
More information about the cypherpunks-legacy
mailing list