On 11/14/06, Simetrical <Simetrical+wikitech(a)gmail.com> wrote:
That said, there's no reason to be paranoid. Yes, there will always
be vulnerabilities, but they'll be doubly limited by the approval
process *and* the sandbox. We aren't distributing arbitrary machine
code, we're distributing Java, which as far as I know can't do
anything like take over your computer or wipe your hard drive.
Running arbitrary Java is not to my knowledge a real security risk, at
least no more than arbitrary JavaScript (which can spy on you to an
extent), and this Java won't even be arbitrary: it will be vetted
first, however imperfectly.
You are mistaken about the nature of Java code. Java code can do
anything code in any other language can do (can we say
java.lang.Runtime, please?); all it takes to escape the security
context is one user clicking "OK" to the "give this applet
permissions?" question that comes up when a signed applet is signed
with an unrecognized certificate. Most people will click "OK" on that
dialog. This is even true for applets; escaping the standard security
context merely requires a touch of social engineering.
A la "this does really cool stuff, but um you need to click ok because
I didn't feel like paying evil corporations money".
--
Alphax -
Contributor to Wikipedia, the Free Encyclopedia
"We make the internet not suck" - Jimbo Wales
Public key: