Secure Coding mailing list archives
Re: Java sandboxing not used much
From: Bill Cheswick <ches () lumeta com>
Date: Thu, 11 Mar 2004 21:40:08 +0000
Complex security systems are often completely ignored.
This is definitely a problem with with more-involved security systems. At one point I obtained a system that had obtained B1 certification to implement a firewall. The firewall worked fine, but I never got the hang of the system administration for the damn thing. User client-level applications should come with recommended sandbox.conf files that will contain them appropriately. There's already a shortage of systems and network security people, and this stuff should be as easy as possible. ches
Current thread:
- Re: Java sandboxing not used much Bill Cheswick (Mar 11)
- RE: Re: Java sandboxing not used much Alun Jones (Mar 11)
- <Possible follow-ups>
- RE: Re: Java sandboxing not used much Jeremy Epstein (Mar 11)