Interesting People mailing list archives
IP: Re: the Java bug
From: David Farber <farber () central cis upenn edu>
Date: Wed, 11 Oct 1995 10:54:42 -0400
Date: Wed, 11 Oct 1995 07:49:07 -0700
To: farber () central cis upenn edu (David Farber)
From: Dave Crocker <dcrocker () brandenburg com>

At 1:42 AM 10/11/95, David Farber wrote:
re-enforce worries stated on the net re the FUTURE problems with such active systems like Java and other remotely

"Active systems" is a fancy term. In casual conversation, we just call them viruses... [some call them a headache .. djf]

Java uses an unusual approach to security for an active system. The TCL and Telescript approaches employ dual execution engines. One runs the untrusted code that has arrived and the other runs trusted code. When the untrusted code wants to do something potentially dangerous it makes a call to the interface that goes to the trusted code which then evaluates the request. The core of this approach is to cripple the language and system constructs available for direct execution by the untrusted code.

Astonishingly, Java basically uses a prevention-by-inspection scheme. The language begins with proper crippling but, as I understand the description, the decision to permit execution of potentially dangerous code is really done at compile time, without dynamic evaluation!

Besides that, security-related code simply takes a long time to shake out thoroughly. Those historically involved with active systems have been quite clear that the potential danger is quite high and that long shakeout is necessary. Perhaps the real issue, here, is putting it into wide deployment so quickly after Java has been developed.

d/

--------------------
Dave Crocker                 +1 408 246 8253
Brandenburg Consulting       fax: +1 408 249 6205
675 Spruce Dr.               dcrocker () brandenburg com
Sunnyvale, CA 94086 USA      http://users.aimnet.com/~dcrocker/
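
The dual-engine arrangement described in the message above, as an added example that is not part of the original post: an untrusted engine with a crippled command set hands its one dangerous operation to a trusted engine, which evaluates each request when it is made. All names, the file table, the policy and the script are constructed, and `inspect_source` is a hypothetical load-time text check included only for contrast; it does not model Java.

```python
import posixpath

# Constructed stand-in for a filesystem, and a constructed policy.
FILES = {"/sandbox/notes.txt": "hello", "/etc/passwd": "root:x:0:0"}
ALLOWED_PREFIX = "/sandbox/"

class TrustedEngine:
    """Trusted side: evaluates every request at the moment it is made."""
    def __init__(self):
        self.audit = []
    def read(self, path):
        norm = posixpath.normpath(path)          # collapse ../ before deciding
        ok = norm.startswith(ALLOWED_PREFIX) and norm in FILES
        self.audit.append((norm, "allow" if ok else "deny"))
        if not ok:
            raise PermissionError(norm)
        return FILES[norm]

class UntrustedEngine:
    """Untrusted side: a crippled language with only 'cat' and 'read'."""
    def __init__(self, trusted):
        self.trusted, self.vars = trusted, {}
    def run(self, script):
        out = []
        for line in script.strip().splitlines():
            cmd, *args = line.split()
            args = [self.vars[a[1:]] if a.startswith("$") else a for a in args]
            if cmd == "cat":                     # cat NAME PART... -> variable
                self.vars[args[0]] = "".join(args[1:])
            elif cmd == "read":                  # dangerous: crosses the interface
                try:
                    out.append(self.trusted.read(args[0]))
                except PermissionError:
                    out.append("DENIED")
            else:
                raise ValueError(f"no such command: {cmd}")
        return out

def inspect_source(script):
    """Naive load-time text check (hypothetical, for contrast only)."""
    return "/etc/" not in script

# Constructed script: the second path exists only once the code is running.
SCRIPT = """
cat ok /sandbox/ notes.txt
read $ok
cat p /et c/passwd
read $p
"""
```

Running `UntrustedEngine(TrustedEngine()).run(SCRIPT)` shows the text check passing the script while the trusted engine denies the second read and records both decisions in `audit`.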