[Full-disclosure] Fwd: On sandboxes, and why I ... don't care.
coderman
coderman at gmail.com
Thu Mar 30 03:16:02 PST 2006
On 3/30/06, michaelslists at gmail.com <michaelslists at gmail.com> wrote:
> Just because no-one has told you, or you haven't seen it doesn't mean
> it doesn't happen.
amen. what's the cost if you are wrong? (the likely case over a
sufficient period of time against motivated attackers)
that artificial security flavoring is only reassuring while the luck
continues...
> It's pretty concerning to me, as a java programmer, that the verifier
> is off by default and hence any jar running can run free or the
> contraints I've tried to enforce. Or that another j2ee app could
> possibly be viewing the data I was processing in a shared-hosting
> environment.
in a shared processing environment you have bigger concerns, but i do
agree this is disturbing if your system was designed to operate in
privacy.
> And further, if your code _doesn't_ run properly with the verifier,
> then what the hell are you doing?
probably coding like the other 97% of the planet. (now that's
_really_ concerning)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
More information about the cypherpunks-legacy
mailing list