java security concerns
Perry E. Metzger
perry at piermont.com
Mon Oct 9 21:58:03 PDT 1995
Ray Cromwell writes:
> Yes, it may be possible that exploiting holes in Java will be easier
> than those in sendmail, just as it is easier to exploit a hole in
> software on a networked machine rather than a non-networked one. But this
> can not be an argument against Java or its utility. The same arguments
> were raised when Postscript first came out, yet the huge benefits
> of postscript are obvious, while the amount of security damage
> done by it is minimal.
Postscript is completely safe if the interpreter is emasculated, and
most of them are. (It is a huge risk when run on a non-emasculated
interpreter, but fortunately it is easy to castrate one of the things.)
Java isn't like that, unfortunately. I wish it was simply a
display-postscript like thing that built pretty pictures inside a
confined window -- I could trust that to be done right if it was done
carefully.
Perry
More information about the cypherpunks-legacy
mailing list