Re: Java sandboxing not used much

[Bill Cheswick <ches () lumeta com>]

> Complex security systems are often completely ignored.

This is definitely a problem with with more-involved security systems.
At one point I obtained a system that had obtained B1 certification
to implement a firewall.  The firewall worked fine, but I never
got the hang of the system administration for the damn thing.

User client-level applications should come with recommended sandbox.conf
files that will contain them appropriately.  There's already a shortage
of systems and network security people, and this stuff should be as
easy as possible.  

ches