Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!eternal-september.org!feeder.eternal-september.org!mx04.eternal-september.org!.POSTED!not-for-mail From: Joshua Cranmer Newsgroups: comp.lang.java.programmer Subject: Re: Article: Why you can't dump Java (even though you want to) Date: Thu, 10 May 2012 17:07:17 -0500 Organization: A noiseless patient Spider Lines: 15 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Thu, 10 May 2012 22:07:32 +0000 (UTC) Injection-Info: mx04.eternal-september.org; posting-host="WpcHJSul77m+zlbR9GVqkA"; logging-data="2249"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+ejmVrMWFVFziMoSMVv5VecydFvzGyREQ=" User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 In-Reply-To: Cancel-Lock: sha1:A8Gl+eIhTAldY+I/gx04+dHtm5E= Xref: csiph.com comp.lang.java.programmer:14460 cOn 5/9/2012 4:42 PM, Roedy Green wrote: > If dumped something on finding the first security hole Windows would > not have sold even one copy. JavaScript has no security at all. It > does not even try. The JavaScript language has no affordance for security by itself, exactly like Java. The implementations of JS (in particular, what would amount to standard libraries for JS) as found on most web browsers pay as much attention to security as Java's applet sandboxing model does. This includes going to such outlandish extremes as giving you the wrong data for the color of some text on your page in certain circumstances. -- Beware of bugs in the above code; I have only proved it correct, not tried it. -- Donald E. Knuth