On 11/13/06, Erik Moeller <erik(a)wikimedia.org> wrote:
> My main question is: Are there security considerations with enabling
> the upload and embedding of Java Applets? According to
> http://java.sun.com/sfaq/
> one of the capabilities of applets is to open a connection to the
> originating host. Could this be used, e.g., to create auto-vandalism
> applets and if so, can we somehow protect against it?
I think letting people embed java applets would be really really bad.
Besides the auto-vandalism applets, one could, for instance, write an
applet which reads the person's cookies and posts them on his own talk
page (or even better, emails them using [[Special:Emailuser]]). See
[[cross-site scripting]] for more evil ideas.
> If security is a major issue, might it be feasible to maintain a
> whitelist of certificates (to allow applets from trusted authority to
> be uploaded directly), and to flag all other applets as
> "non-embeddable" until a sysop flips a switch, so they can be reviewed
> for security? We could add a big fat warning on the file description
> page.
Might as well give those people with certificates root access on all
the servers, and let all others upload applications which won't run on
the servers until a sysop glances at it and flips a switch.
Sorry if you find my sarcasm rude, but using java in this way has some
major security issues. In fact, just using java applets at all has
enough security and privacy issues that it isn't enabled by default on
Firefox, and I personally haven't turned it on in quite a while.
Sorry again if I've been overly blunt. It's a good general idea, but
I think it's way before its time. Hopefully the opening of the source
code to java will speed up the addressing of these types of issues.
Alternatively, though this would be a much harder route, maybe some
subset of the java language could be made available, in much the same
way wiki-syntax translates into a subset of html.
Anthony
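As an added illustration of the mitigation side of this thread (example code, not from MediaWiki or from either poster): an upload check that refuses Java bytecode by content rather than by file name, since a renamed .jar is still a ZIP archive and a .class file still carries its magic number. The file names and sample archive below are constructed for the example.

```python
import io
import zipfile

# Every compiled Java class file begins with this four-byte magic number.
CLASS_MAGIC = b"\xca\xfe\xba\xbe"


def looks_like_java_class(data: bytes) -> bool:
    """True if the upload starts with the class-file magic."""
    return data[:4] == CLASS_MAGIC


def jar_class_entries(data: bytes) -> list:
    """Names of .class entries if the upload is a ZIP/JAR, else [].

    zipfile.is_zipfile locates the end-of-central-directory record, so a
    JAR hidden behind a leading junk prefix is still recognised.
    """
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return []
    try:
        with zipfile.ZipFile(buf) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(".class")]
    except zipfile.BadZipFile:
        return []


def classify_upload(data: bytes) -> str:
    """Decide on an upload purely from its bytes; the client-supplied
    file name and extension are deliberately ignored."""
    if looks_like_java_class(data):
        return "reject: java class file"
    classes = jar_class_entries(data)
    if classes:
        return "reject: jar with %d class entries" % len(classes)
    return "accept"


def build_sample_jar() -> bytes:
    """Constructed sample: a minimal JAR-shaped ZIP with one fake .class
    entry (the entry holds only a magic header, not real bytecode)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Vandal.class", CLASS_MAGIC + b"\x00\x00\x00\x31")
    return buf.getvalue()
```

Wiring such a check into the upload path only covers the "don't host applets" decision; it says nothing about applets embedded from elsewhere, which is the embedding half of the question.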