Date: Mon, 14 Apr 1997 18:42:55 -0700
Message-Id: <199704150142.SAA13630@puffin.eng.sun.com>
From: Marianne Mueller <mrm@Eng>
To: ttran@bmgmusic.com
Subject: Re: Hypocritical demonstration at JavaOne conference
Hi -
Sorry you are offended by the JavaOne demo. I try to take all these
things with a sense of humor and grain of salt.
As for the parallels in security model: I don't think we are doing
the same thing as ActiveX, not at all.
We can build an extended sandbox with flexible policies on top of the
sandbox, *because* we can enforce a sandbox.
I don't believe a native code C/C++ embedded content model can
accomplish this. I don't think such a model can provide non-trivial
configurable policies. In fact, the folks who are doing such a model
have stated publically that they cannot implement the sandbox
approach. Please check out their web site for info on that!
Please check out these URLs for info on Java security:
1. Slides from JavaOne
http://java.sun.com/javaone/sessions/slides/TT03/index.html
2. Handout from JavaOne
http://java.sun.com/security/handout.html
3. Compcon 97 extended abstract
http://java.sun.com/security/compcon97.ps
Peace,
Marianne
JavaSoft engineering, security