Applet going outside the sandbox - CAGE

prasad (prallap@is.arco.com)
Wed, 18 Jun 1997 11:50:43 -0800

Date: Wed, 18 Jun 1997 11:50:43 -0800
From: prasad <prallap@is.arco.com>
To: java-security@web2.javasoft.com
Subject: Applet going outside the sandbox - CAGE

Hi:
Someone sent me the following. Is there any meat to this 'rap'? How can
a Java applet go outside the sandbox? How can we prevent it?

Thanks in advance for your response.

Regards
Prasad

_____Startup To Roll Out Java Protection_____
The rap on Java is that buggy or malicious code can wreak
havoc on a network. Startup Digitivity Inc. will announce
next week security software aimed at skirting that problem by isolating
Java applets from the internal network.

Here's how the software, called the Cage, works. Typically,
applets are downloaded directly to an end user's browser.
With the Cage, Java applets are downloaded from the Internet
onto the software, which sits in front of the corporate
firewall. From there, the Cage splits the user interface from the applet --
creating a so-called proxy applet -- and downloads it to a browser running
on the end user's desktop. Thus, the applet's code, whether good or bad,
stays in the Cage Server, safely outside the internal network. The software
centralizes all the Java applets within the Cage, making it easier for an IT
department to check for and eliminate faulty or malicious applets, says
Andrew Herbert, chief technology officer of Digitivity.

Available now, the Cage runs on Windows NT and Sun Solaris. Pricing starts at $7,500 for 25 concurrent users, which supports a network of about 100 people. Digitivity plans to offer by the fourth quarter a Policy Cage, which will let IT managers set different policies for different Cage Servers. By the first quarter of 1998, Digitivity will offer an Enterprise Cage, which will let IT managers link applets running on the Cage to back-office systems running legacy applications. -- Aisha Williams and Beth Davis