| From | markspace <markspace@nospam.nospam> |
|---|---|
| Newsgroups | comp.lang.java.programmer |
| Subject | Re: > Sandboxed power == More secure??? |
| Date | 2013-04-26 20:05 -0700 |
| Organization | A noiseless patient Spider |
| Message-ID | <klff3f$o60$1@dont-email.me> |
| References | (1 earlier) <5dntm85s55qmuh8cort7l0uuji2mpo9eav@4ax.com> <516f2a09$0$32108$14726298@news.sunsite.dk> <kla37v$601$1@speranza.aioe.org> <klbjd6$56s$1@dont-email.me> <517b33c0$0$32112$14726298@news.sunsite.dk> |
On 4/26/2013 7:11 PM, Arne Vajhøj wrote:
> On 4/25/2013 11:54 AM, markspace wrote:
>>
>> <http://www.oracle.com/technetwork/java/seccodeguide-139067.html>
>>...
>> Oracle should really devote some resources to fixing this. And by
>> "fixing" I mean obviating every last item in that document.
>
> I don't think that is possible or desirable.
>
> A lot of this has to be done by the developer based
> on context.

I see a few things in that document that should be done by the developer. I see a lot more that really shouldn't be the developer's concern, under any circumstances.

I'd honestly like to see some discussion about it because I'd like to propose some fixes to Oracle. Otherwise I think applets are just plain doomed.

For example, some "context" for applets that I'm concerned about where Oracle pushes security onto the developer:

1. Mutable statics. This includes private fields, if I read the document aright.

2. "Exceptions." WTH?

3. Call backs, including applets, which are apparently invoked with full permissions.

All of those are big areas of concern. I honestly don't see what to do with the mutable statics. You need globals in any non-trivial app. Exceptions cause a security breach? How the heck am I supposed to deal with that? And applets are all callbacks, so apparently the Java plug-in can't even call my applet correctly at all.

Those are all issues, and they need to be addressed in a serious way. Or Oracle is simply not going to have any presence on the desktop in any way. Which would be too bad, because imo there's a need for more platforms than just the vendor supplied (Windows, *nix) ones.
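An added illustration, not part of markspace's post or of Oracle's document: one reading of the first two items above (a private mutable static reachable through a public accessor, and an exception message that discloses local details), each shown weak and then hardened. `ConfigStore`, its methods and the host names are hypothetical.

```java
import java.io.*;
import java.util.*;

// Hypothetical class for illustration; not taken from the post or from Oracle's document.
public final class ConfigStore {
    // A private static is still shared, mutable, process-wide state.
    private static final List<String> TRUSTED_HOSTS = new ArrayList<>();
    static { TRUSTED_HOSTS.add("updates.example.test"); } // constructed sample value

    // Weak: hands out the live list, so any caller can change it for everyone.
    public static List<String> trustedHostsLeaky() {
        return TRUSTED_HOSTS;
    }

    // Hardened: callers get a read-only snapshot; the static itself never escapes.
    public static List<String> trustedHosts() {
        return Collections.unmodifiableList(new ArrayList<>(TRUSTED_HOSTS));
    }

    // Weak: FileNotFoundException's message carries the path, which tells
    // less-trusted callers about the local file system layout.
    public static InputStream openLeaky(String path) throws IOException {
        return new FileInputStream(path);
    }

    // Hardened: rethrow a fresh exception with no path and no cause attached.
    public static InputStream open(String path) throws IOException {
        try {
            return new FileInputStream(path);
        } catch (FileNotFoundException e) {
            throw new IOException("Unable to open configuration");
        }
    }

    public static void main(String[] args) {
        trustedHostsLeaky().add("untrusted.example.test"); // succeeds: shared state changed
        System.out.println(TRUSTED_HOSTS);
        try {
            trustedHosts().add("other.example.test");
        } catch (UnsupportedOperationException e) {
            System.out.println("snapshot is read-only");
        }
        try {
            open("/no/such/file");
        } catch (IOException e) {
            System.out.println(e.getMessage()); // no path in the message
        }
    }
}
```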