[Foundation-l] Java becomes Open Source, what next?
Robert Scott Horning
robert_horning at netzero.net
Tue Nov 14 09:41:48 UTC 2006
Anthony wrote:
>Sorry if you find my sarcasm rude, but using java in this way has some
>major security issues. In fact, just using java applets at all has
>enough security and privacy issues that it isn't enabled by default on
>Firefox, and I personally haven't turned it on in quite a while.
>
>Sorry again if I've been overly blunt. It's a good general idea, but
>I think it's way before its time. Hopefully the opening of the source
>code to java will speed up the addressing of these types of issues.
>
>Alternatively, though this would be a much harder route, maybe some
>subset of the java language could be made available, in much the same
>way wiki-syntax translates into a subset of html.
>
>Anthony
>
Adding my own $0.02 here, this is indeed a bad idea for security issues
alone. I completely agree here with Anthony's sentiments as Java has
some very significant security holes that would open up some incredible
liability and other problems if used on Wikimedia sites. The very
thought of allowing anonymous users to post Java source code that would
be served up through Wikimedia servers..... I can't think of a worse
possible problem. It makes all of the issues with hacking the front
page of Wikimedia projects seem very tame and mild by comparison.
If there were some very heavilily restricted Java-language sub-set that
was allowed (a sanitized version used with MediaWiki) that might be
something worth looking at, but that is a major developer task and not
somthing to simply throw Java support into MediaWiki just because you
can do it. Similar issues have come up with even having Javascript
enabled with Wikimedia projects, for the very same reasons.
That said, it would be incredible if we could allow Wikimedia users the
option of having some custom tools that go beyond what can be served up
with HTML and server-side tool. The discussion to deal with this is
going to be long and involved and will take a team of very dedicated
individuals who really understand the software engineering issues before
it will become a reality.
--
Robert Scott Horning
More information about the foundation-l
mailing list