Date: Sat, 01 Feb 1997 00:18:34 +0100
From: Matthias Oelmann <mao@lava.de>
To: Marianne Mueller <mrm@Eng>
Subject: Re: protocols&security
Hi again,
I think we have a misunderstanding here. Java security is one of the
great features of Java. It's still in its childhood and I'm looking
forward to configurable security in 1.1. But this is different.
All I'm trying to do is:
new URL("mmp://my.host.com");
(where my.host.com is of course the applethost or whatever is allowed)
no firewalls involved, no security restrictions broken. I am already
doing it and no security manager complains, but I had to rewrite all
the URL classes under a different name which makes the code very
much off-standards and big. This shows that everything I do is perfectly
legal with every known SecurityManager, so a change in the original
URL.java code shouldn't affect security either.
BTW, in case the URL.java code is still the same as in 1.0.2, the
problem would remain even with configurable security...
(except no security at all, and I don't want that)
> We do want to support downloadable protocols but we have to face the
> security issues. I think downloadable protocol handlers was one of the
> great raisons d'etre for Java from the start. (That's just me
> speaking there.)
>
I agree!
Ok, me speaking here, I think that URL code is a bit of a leftover
from alpha3, and has just not been changed then. (It was quite a hurry
from alpha to 1.0 final, wasn't it?)
Matthias
Marianne Mueller wrote:
>
> I don't know if you've had to deal with getting the protocol https
> through a firewall boundary, but it's many people's experiences (and
> belief) that new protocols do potentially raise security questions.
> Consider https. Many firewalls don't by default let https through,
> since once the https tunnels through and is sending encrypted traffic,
> the firewall has a hard time policing that connection or being able to
> make any statement about what it's letting in. I'm not saying this is
> the right way to implement security. I'm just saying that I've seen
> this sort of tugging between protocols & firewalls.
>
> People want to know what the new protocol is going to do. The
> feedback we get is that people are happy to allow new protocols in, if
> they can limit the access that that protocol gives to the applet or
> Java code. Hence the dependency on more configurable security
> policies. Rather than implement some restriction in the code, as in
> URL.java, wouldn't you rather modify a config file to allow
> such-and-such a protocol to be used by your JVM? We're trying to get
> beyond hard-coding the restrictions in the code.
>
> We do want to support downloadable protocols but we have to face the
> security issues. I think downloadable protocol handlers was one of the
> great raisons d'etre for Java from the start. (That's just me
> speaking there.)
>
> Marianne