
Re: > Sandboxed power == More secure???

From "Chris Uppal" <chris.uppal@metagnostic.REMOVE-THIS.org>
Newsgroups comp.lang.java.programmer
References (2 earlier) <516f2a09$0$32108$14726298@news.sunsite.dk> <kla37v$601$1@speranza.aioe.org> <klbjd6$56s$1@dont-email.me> <517b33c0$0$32112$14726298@news.sunsite.dk> <klff3f$o60$1@dont-email.me>
Subject Re: > Sandboxed power == More secure???
Date 2013-04-28 12:09 +0100
Message-ID <uvadnTusfuNMnuDMnZ2dnUVZ8s-dnZ2d@bt.com> (permalink)



markspace wrote:

> Exceptions cause a security breach?  How the heck am I supposed to deal
> with that?
>
> And applets are all callbacks, so apparently the Java plug-in can't even
> call my applet correctly at all.
>
> Those are all issues, and they need to be addressed in a serious way.
> Or Oracle is simply not going to have any presence on the desktop in any
> way.  Which would be too bad, because imo there's a need for more
> platforms than just the vendor supplied (Windows, *nix) ones.

I don't see anything much that's specific to desktop apps (let alone applets). 
Quoted:

These guidelines are of interest to all Java developers, whether they create 
trusted end-user applications and applets, implement the internals of a 
security component, or develop shared Java class libraries that perform common 
programming tasks. Any implementation bug can have serious security 
ramifications and could appear in any layer of the software stack.

The main thing that's wrong with it, to my mind, is that it's so bloody long!

And as a result I haven't bothered to read all of it (and don't intend to).  But 
my impression of it after a quick skim is that it's made up of four kinds of 
guidance:

Motherhood and apple pie stuff (Restrict privileges, Do not log highly 
sensitive information, Validate inputs,...) which would apply to pretty-much 
any code in any language on any platform (where security is any kind of concern 
at all).  We can't fault them on that, but it might be better split out into 
separate guidance ("What every would-be programmer should know before being 
allowed within twenty miles of a computer").

Stuff that basically can be paraphrased as "Yup, Sun designed the language 
wrong -- we'll all have to live with it.  Sorry...".  Integer overflows (not 
only do they happen but they happen silently!). Lack of a /convenient/ way of 
managing limited resources (such as C#'s "using" syntax).  Lack of immutable 
references (though I have my doubts about whether that can be made meaningful 
/and/ useful).  Even /having/ public (or protected) mutable fields in the 
language at all.  Public constructors (rather than factory methods).  Etc...

A few examples of plain daft behaviour of the platform classes which should be 
fixed pronto.  (Such as allowing HTML in Swing components by default).  Just 
about everything to do with serialisation.

And the last category can be summed up as "the security model is too 
complicated, and very easy to get wrong".  That's the biggest (by linecount) 
item.  Not sure what to do about that.  Maybe a library along the lines of Doug 
Lea's concurrency stuff that hides all the fragile mess inside nice tight 
interfaces with clear simple guidelines?  I say that, but I'm not going to 
claim that /I/ could design and implement such a beast (not without 
language/JVM changes anyway).

BTW:

> All of those are big areas of concern.  I honestly don't see what to do
> with the mutable statics.  You need globals in any non-trivial app.

I was under the impression that each applet ran in its own classloader.  Am I 
wrong ?  If not then mutable statics are no worse a problem in applets than 
they are anywhere else.

    -- chris 
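The "integer overflows happen silently" point above, as an added example that is not part of the original post: a size computation whose product wraps in 32-bit int arithmetic, slips past a limit check that looks sufficient, and the checked form using Math.multiplyExact (assumes Java 8 or later; the class and method names are invented for illustration).

```java
// Added example, not from the original post or the Java guidelines' own text.
// Shows why a "total < 0" guard does not catch a wrapped product, and the
// checked arithmetic that turns the silent wrap into an exception.
public class SilentOverflow {

    static final int MAX_BYTES = 1 << 20; // 1 MiB ceiling we intend to enforce

    // Unsafe: count * elementSize is evaluated in int arithmetic. Past
    // Integer.MAX_VALUE it wraps without any exception, and the wrapped value
    // can be small and positive, so both halves of the guard pass.
    static int unsafeByteLength(int count, int elementSize) {
        int total = count * elementSize;
        if (total < 0 || total > MAX_BYTES) {
            throw new IllegalArgumentException("too large: " + total);
        }
        return total;
    }

    // Safe: Math.multiplyExact throws ArithmeticException on overflow, so a
    // wrapped value never reaches the limit check.
    static int safeByteLength(int count, int elementSize) {
        int total = Math.multiplyExact(count, elementSize);
        if (total > MAX_BYTES) {
            throw new IllegalArgumentException("too large: " + total);
        }
        return total;
    }

    public static void main(String[] args) {
        // Constructed input: (2^27 + 1) elements of 32 bytes is 2^32 + 32 bytes,
        // which wraps to 32 in int arithmetic.
        int count = (1 << 27) + 1;
        int elementSize = 32;

        int wrapped = unsafeByteLength(count, elementSize);
        System.out.println("unsafe version accepted a length of " + wrapped);
        byte[] buf = new byte[wrapped]; // 32 bytes, though the caller expects room for 2^27+1 elements
        System.out.println("allocated " + buf.length + " bytes");

        try {
            safeByteLength(count, elementSize);
        } catch (ArithmeticException e) {
            System.out.println("safe version rejected it: " + e.getMessage());
        }
    }
}
```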
