Java and JavaScript security questions

Pat Flesher (pflesher@imsidc.com)
Wed, 26 Feb 1997 13:02:29 -0500 (EST)

Date: Wed, 26 Feb 1997 13:02:29 -0500 (EST)
From: Pat Flesher <pflesher@imsidc.com>
To: java-security@java
Subject: Java and JavaScript security questions

Good afternoon,

I have a customer who has disabled Java, JavaScript, and ActiveX through
their Firewall system. However, they have a need to allow the use of
JavaScripts within the organization and to also allow users to access
external JavaScripts on the WWW. There questions concerning this are as
follows:

1) Can JavaScripts call Java Applets? If this is the case and they open
JavaScript capability through the firewall but continue to block Java
will this effectively stop the Java Applet from executing since it is
called by the JavaScript application?

2) Java Applets loaded from Netscape 2.0 and above cannot read or write
files? Is this true?

3) Are there still any inherently secure problems with allow JavaScripts
to run through a firewall system?

If there are any specific URLs I haven't seen that would assist in
answering these questions you response can just be a listing of those.

Thank you!

Pat Flesher
**************************************************
IIIIIIIII MM MM SSSSSSSS IIIIIIIII
IIIIIIIII MM M M MM SSSSSSSS IIIIIIIII
III MM M M MM SS III
III MM M MM SSSSSSSS III
III MM MM SS III
IIIIIIIII MM MM SSSSSSSS IIIIIIIII
IIIIIIIII MM MM SSSSSSSS IIIIIIIII
**************************************************
Integrated Management Services, Inc.
2101 Wilson Blvd, Suite 916
Arlington, VA 22201
Office Number: 703-528-0334 ext. 312
FAX Number: 703-528-3477
e-mail Address: pflesher@imsidc.com