From: Roland.Schemers@Eng (Roland Schemers)
Message-Id: <199704142238.PAA24491@crypto.eng.sun.com>
Subject: Re: Hypocritical demonstration at JavaOne conference
To: ttran@bmgmusic.com (Tru Tran)
Date: Mon, 14 Apr 1997 15:38:26 -0800 (PDT)
In-Reply-To: <85256479.007844EB.00@in03-gway02.bmgmusic.com> from "Tru Tran" at Apr 14, 97 06:21:36 pm
> If ActiveX's trust-based security model is so terrible, why is Sun pursuing
> the same strategy for its JDK 1.1?
I'm just a programmer, so opinions expressed within are mine :-)
Hum... Let's look at that URL:
....
JDK 1.1 also provides a tool that can sign Java ARchive (JAR) files, which can
contain classes and other data (such as images and sounds). The appletviewer
allows any downloaded applets in JAR files signed (using the tool) by a trusted
entity to run with the same full rights as local applications. That is, such
applets are not subject to the "sandbox" restrictions of the original Java
security model. Later releases will provide more sophisticated security
policies, including greater granularity in the allowable trust levels.
...
Did you miss the last line?
"Later releases will provide more sophisticated security
policies, including greater granularity in the allowable trust levels."
It was simply not possible to get this feature into JDK 1.1, and these
features are planned for the next release. There are customers out there
that have intranets where letting certain applets out of the sandbox
is an acceptable short-term policy.
For the next release we are planning on fine-grained access control policies
that limit what applets and applications can do.
*This is simply not possible with ActiveX.* Once the ActiveX control is running,
it can do whatever any other EXE program on your system can do, and there
isn't a thing you can do about it.
From the beginning, the Java security model was designed to be opened
up over time, in a controllable fashion. The initial policy has
been very restrictive, in order for customers, programmers, end-users,
etc., to gain experience working in the brave-new world of mobile executable
content. Having something similar to ActiveX from day one would have
been a bad idea.
> Tell Mr. McNealy to leave the mud-slinging to the politician.
You might consider it mud-slinging, but I consider it educating the
public on just how dangerous ActiveX is.
roland