On 11/14/06, Simetrical Simetrical+wikitech@gmail.com wrote:
> That said, there's no reason to be paranoid. Yes, there will always be vulnerabilities, but they'll be doubly limited by the approval process *and* the sandbox. We aren't distributing arbitrary machine code, we're distributing Java, which as far as I know can't do anything like take over your computer or wipe your hard drive. Running arbitrary Java is not to my knowledge a real security risk, at least no more than arbitrary JavaScript (which can spy on you to an extent), and this Java won't even be arbitrary: it will be vetted first, however imperfectly.
You are mistaken about the nature of Java code. Java code can do anything code in any other language can do (can we say java.lang.Runtime, please?); all it takes to escape the security context is one user clicking "OK" to the "give this applet permissions?" question that comes up when a signed applet is signed with an unrecognized certificate. Most people will click "OK" on that dialog. This is even true for applets; escaping the standard security context merely requires a touch of social engineering.
Kelly
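To make the point of the reply above concrete, here is a small added example (not code from the thread or from any participant in it). It assumes a Java 8 era JDK, where the SecurityManager/Policy sandbox is still active; later JDKs deprecate that mechanism and applets no longer exist. The class name, the `trusted` flag and the placeholder `hostname` command are all choices made for this illustration. It shows that `java.lang.Runtime.exec` is not blocked by the language at all: the same call is refused under the default policy and allowed once a policy granting every permission is installed, which is exactly what accepting the "give this applet permissions?" dialog amounts to.

```java
import java.io.IOException;
import java.security.Permission;
import java.security.Policy;
import java.security.ProtectionDomain;

/*
 * Added illustration, not code from the thread. Assumes a Java 8 era JDK
 * where the SecurityManager/Policy sandbox is enforced. The only thing
 * standing between application code and java.lang.Runtime is the policy
 * the runtime has been told to enforce, not the Java language itself.
 */
public class SandboxDemo {

    /**
     * Attempts the privileged call the thread refers to and reports
     * whether the active sandbox policy allowed it.
     */
    static boolean canExec() {
        try {
            // "hostname" is a harmless placeholder command chosen for this demo.
            Process p = Runtime.getRuntime().exec("hostname");
            p.waitFor();
            return true;
        } catch (SecurityException e) {
            return false;                 // sandbox refused FilePermission "execute"
        } catch (IOException | InterruptedException e) {
            return true;                  // call was permitted; it merely failed to run
        }
    }

    public static void main(String[] args) {
        boolean trusted = args.length > 0 && args[0].equals("trusted");
        if (trusted) {
            // Equivalent of the user clicking "OK": every permission granted to all code.
            // Must be installed before the SecurityManager, or setPolicy is itself refused.
            Policy.setPolicy(new Policy() {
                @Override
                public boolean implies(ProtectionDomain domain, Permission permission) {
                    return true;
                }
            });
        }
        // Default policy: the unsigned-applet style sandbox, which grants
        // application code no "execute" FilePermission.
        System.setSecurityManager(new SecurityManager());
        System.out.println((trusted ? "all permissions granted" : "default sandbox")
            + ": Runtime.exec allowed = " + canExec());
    }
}
```

Run it twice, `java SandboxDemo` and `java SandboxDemo trusted`: the first prints `allowed = false`, the second `allowed = true`. The code being executed is identical in both runs; only the policy differs, which is why an approval process and a user who does not click "OK" are the controls that actually matter, and why "it's Java, not machine code" offers no protection by itself.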