echo: os2inet
to: DAVID PAGE
from: MURRAY LESSER
date: 1997-03-30 14:39:00
subject: JAVA security

Excerpted from message dated 03-29-97, David Page to Jeff Malka:
DP>Having said that, there is a list of things JAVA programs aren't
  >supposed to be able to do, like write to hard disk, or use memory
  >outside of an allocated block. ActiveX has none of those
  >limitations. So, if a JAVA program messes you up, then the Runtime
  >on your end (either Netscape's or OS/2's native runtime) has fouled
  >up in letting that happen...
Hi David--
    There is an important difference between Java Applications and Java
Applets.  Java Applications can do anything to your system that any
other executable program could do, perhaps including overwriting all the
"unlocked" files on your hard drives.  But a "native OS/2" program
written in C, say, that you downloaded from an unknown source could do
the same thing to you!  In either case, you would have to actively
execute the program in order for this to happen.  If you are in the
habit of intentionally executing programs from unknown sources (no
matter what language they were written in), this is something that you
might worry about.
    Java Applets are different.  If you use a Java-enabled browser and
you happen to link into a Web page that carries malicious Java Applets,
you have had it before you can do anything about it.  Now, it is
supposed to be very hard to write Java Applets that can do actual harm,
but there are ways to do it (just as there are ways to write viruses)
and the Java-enabled browser vendors are trying to keep up with the
holes in the Java security system as fast as those holes are discovered.
(It is my opinion that this is why IBM recalled the license to the demo
Java-enabled version of Web Explorer.)
    But it is not hard to write perfectly "legal" (under the official
Java security mechanisms) malicious Java Applets that will overload your
system until it hangs, perhaps after you have disconnected from the
source.  To learn how (if you are a Java programmer), see the book "Java
Security," ISBN 0-471-17842-X, Wiley, 1997, $19.95(US).  Or you can
download such information from any of several "hacker" sources on the
Internet.
    Regards,
          --Murray

___
 * MR/2 2.25 #120 * Fidonet is almost like having a social life
--- Maximus/2 2.02
---------------
* Origin: OS/2 Shareware BBS, telnet://bbs.os2bbs.com (1:109/347)

SOURCE: echomail via exec-pc
