[Foundation-l] Java becomes Open Source, what next?
Erik Moeller
erik at wikimedia.org
Tue Nov 14 00:54:17 UTC 2006
Sun Microsystems will make all the Java code they own available under the GPL:
http://www.sun.com/software/opensource/java/
This is a very major step. IMHO we should now make Java core part of
our own strategy, as it's one of the best ways to deliver interactive
content (high quality animations, learning tools, etc.). There are
large numbers of free applets that we can potentially use, esp. in
Wikipedia and Wikiversity.
My main question is: Are there security considerations with enabling
the upload and embedding of Java Applets? According to
http://java.sun.com/sfaq/
one of the capabilities of applets is to open a connection to the
originating host. Could this be used, e.g., to create auto-vandalism
applets and if so, can we somehow protect against it?
If security is a major issue, might it be feasible to maintain a
whitelist of certificates (to allow applets from trusted authority to
be uploaded directly), and to flag all other applets as
"non-embeddable" until a sysop flips a switch, so they can be reviewed
for security? We could add a big fat warning on the file description
page.
--
Peace & Love,
Erik
Member, Wikimedia Foundation Board of Trustees
DISCLAIMER: Unless otherwise stated, all views or opinions expressed
in this message are solely my own and do not represent an official
position of the Wikimedia Foundation or its Board of Trustees.
More information about the foundation-l
mailing list