Date: Tue, 13 May 1997 12:26:30 +0200
From: Benjamin de la Porte des Vaux <delaport@euklid.informatik.uni-dortmund.de>
To: Marianne Mueller <mrm@Eng>
Subject: Re: not a JVM-level decision
Thanks for Your feedback.
I'm very pleased to see that You
answer rapidly.
> I don't think you'd want the JVM to be making policy decisions about
> which protocols it would honor; rather, you'd want an application,
> under control of a policy configuration for that application, to
> either allow or not allow certain protocols.
I only want Java to be safe.
And I think Java wants too.
I know that security is a very big problem.
Letting people allow communications with
servers they consider to be safe, why not...
(It is already possible, isn't it?)
They still control what Java can or cannot do.
Java is, in a certain way, still safe.
But I think that letting people enable Java
AND Javascript (as long as Java allows
Javascript-URLs) is, in a security point of
view, totally different.
As a matter of fact, Java becomes as safe as
Javascript and not more,
which is, in my point of view, a big security
problem.
That's why I think that it is JVM's work to stop
Javascript-URLs, even if it seems to be
restrictive.
I'm afraid that Java lost a big part of its
credibility if it is not safe in itself,
I mean: if You have just to enable Javascript
to make Java lost its safety...
Sincerely Yours,
Benjamin.