Securing ActiveX.

Adam Shostack adam at homeport.org
Tue Dec 17 09:57:26 PST 1996



	Why do people talk about sandboxes?  Sandboxes are places
where people play.  I want to run hostile code in a jail cell, with
carefully designed interfaces where my jailers can control the
messages it sends in and out.

	If this is a game, why is Microsoft spending hundreds of
millions of dollars to put ActiveX everywhere?  People are going to
start building safety critical systems with these toys, and should be
encouraged to engineer them for real world use.

	Crypto relevance?  Java is a pretty damned flexible tool for
writing pluggable cross platform modules, including crypto software.
It behooves us to make it solid.  See
http://www.brokat.de/welcomee.htm (English version) for pluggable
crypto.  See Ross Anderson's Murphy's Law paper for why cross platform
is so important.  http://www.cl.cam.ac.uk/users/rja14/

Adam

Blake Coverett wrote:

| I would be happier running an ActiveX control with Peter Trei's
| signature on it than I would an unsigned control in a sandbox.
| (This kind of a trust decision is probably the normal case in the
| intranet world.  ActiveX as it sits is quite sufficient for rolling
| out internal intranet applications.) 


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume








More information about the cypherpunks-legacy mailing list