Excerpted from message dated 07-21-97, Bill Christensen to Steve
Mccrystal: (original subject: New release of Netscape)
BC>A Java applet, that lands on your machine, does NOT have the ability
>to read your disk drive, let alone write to your drive. A bug free
>Java Virtual Machine, running on your machine, will not allow the
>downloaded applet code to do any reading or writing to your drive(s).

Hi Bill--

If you believe that, you are a prime prospect to buy the Brooklyn
Bridge :-). Among the other problems with the overly hyped Java
Security system: the enforcement responsibility is divided between the
group that wrote the javac compiler, the group that wrote the "virtual
machine" software for your particular hardware, and the group that wrote
the Java-enabled Browser. The primary onus for safety is on the browser
writer!

Only "hostile" Applets can diddle with your data, and the people who
write Java-enabled browsers work overtime to plug the holes in the Java
security system every time a new hole is discovered. But anyone can
write "malicious" Applets (there is nothing in the rules to prevent
them!) that will take over all the resources of your system.

See the book JAVA SECURITY (ISBN 0-471-17842) for a description of
"hostile" and "malicious" Applets. As that book points out, the only
protection against dangerous Java Applets is to never link to an
"insecure" web site with a Java-enabled browser. For all practical
purposes, the definition of a "secure" web site is one for which you
can personally vouch for the integrity of its owner.

Regards,
--Murray
___
* MR/2 2.25 #120 * If you are not confused, you don't understand the
situation
--- Maximus/2 2.02
---------------
* Origin: OS/2 Shareware BBS, telnet://bbs.os2bbs.com (1:109/347)