
Re: > Sandboxed power == More secure???

From Richard Maher <maher_rjSPAMLESS@hotmail.com>
Newsgroups comp.lang.java.programmer
Subject Re: > Sandboxed power == More secure???
Date 2013-04-25 10:09 +0800
Organization Aioe.org NNTP Server
Message-ID <kla37v$601$1@speranza.aioe.org> (permalink)
References <kkknq8$3u2$1@speranza.aioe.org> <5dntm85s55qmuh8cort7l0uuji2mpo9eav@4ax.com> <516f2a09$0$32108$14726298@news.sunsite.dk>



On 4/18/2013 7:02 AM, Arne Vajhøj wrote:
> On 4/17/2013 1:37 PM, Roedy Green wrote:
>> On Wed, 17 Apr 2013 07:45:12 +0800, Richard Maher
>> <maher_rjSPAMLESS@hotmail.com> wrote, quoted or indirectly quoted
>> someone who said :
>>
>>> Perhaps the most significant change will be that, in the default
>>> setting, sites will not be able to force the small programs known as
>>> Java applets to run in the browser unless they have been digitally
>>> signed.
>>
>> This makes no sense. A digitally signed Applet does dangerous things.
>> Unsigned ones do not.

I think it's madness but the docs at: -
https://www.java.com/en/download/help/appsecuritydialogs.xml#background

http://www.oracle.com/technetwork/java/javase/tech/java-code-signing-1915323.html

shed a bit more light on it. Thankfully the <param name="permissions" 
value="sandbox" /> parameter is there.
>
> If you had followed what has happened in the Java world, then
> you would know that Java has had a couple of zero day vulnerabilities
> where unsigned applets could get full privs due to bugs.

Yes and a couple more serious bugs were introduced with webstart and 
jnlp! If Oracle ever forces us to use that crap then I will give up.
>
> If people only enable applets on trustworthy sites where they really
> need Java, then they are much safer than if any web site can start
> a Java applet.

  If people only enable JavaScript on trustworthy sites where they really
  need JavaScript, then they are much safer than if any web site can start
  JavaScript.

Would you agree?

Java's great drawing card has been its ubiquity. Without that it's 
condemned to being the new Cobol.

If it's got security bugs then you fix them! Saying "This might be 
really bad for you" could capture the teenage market but everyone else 
is going to think you're taking the piss :-(

>
> Arne
>
>
>

Cheers Richard Maher
