On Sun, Aug 7, 2011 at 10:40 PM, Uwe Baumbach <U.Baumbach(a)web.de> wrote:
Concerning your security headache I think it is more
comprehensible for
JavaScript (sandboxes) then for Java, and MediaWiki is "swimming" in
JavaScript. But ultimate decision makes the user.
I'm not sure what you think "my" security headache is -- I'm talking
about
browser and OS makers disabling the Java plugin or failing to install Java
in the first place. One of the reasons sometimes given is that the
single-vendor Sun/Oracle JRE has a history of security vulnerabilities that
are not present in browsers otherwise. (Similar concerns exist for Adobe
Flash, another single-vendor plugin with a history of security
vulnerabilities that are not present in browsers otherwise.) Most of the
major browsers have their own JavaScript implementations, which is a
healthier ecosystem to begin with, and more importantly allows each OS or
browser vendor to actually ship fixes. ;)
-- brion