Re: Anyone else notice that Swen is slowing down?
On Thu, 02 Oct 2003 21:46:56 -0400, Daniel B. <dsb@smart.net> penned:
> "Monique Y. Herman" wrote:
>>
>> On Thu, 02 Oct 2003 17:47:02 -0400, Daniel B. <dsb@smart.net> penned:
>> > Mike Mueller wrote:
>> >>
>> >...
>> > Similarly, executable formats like Java, which has a comprehensive
>> > security model, would be better if you ever really did need to deliver
>> > executable code. (No, I didn't say Java implementations are perfect,
>> > but there are a lot more layers of security to break through.)
>> >
>>
>> Even then, you send a jar file and most systems won't be able to use it
>> just by clicking (although I think OS X users can).
>
> Why wouldn't other systems be able to use it? As long as the particular
> mail client (or system) can be and is configured to recognize Jar files
> and run the JVM, there shouldn't be a problem getting it to work.
>
>> But uh ... java *can* have security features turned on, but in general,
>> if you run a java app, you have full read/write access to the system,
>> not to mention full network access.
>
> Only if your JVM is configured that way. (Yes, that's the default, but
> it's fairly easy to change the security policy file, though managing
> settings for local trusted vs. just-downloaded files probably takes
> effort.)
>
>
>> Java applets are generally
>> sandboxed, but java apps are not.
>
> Well, of course running Java from a mail client should use the same
> security settings used for applets in browsers (or Java Web Start
> applications).
>
>
> Daniel
Of course you *can* set up your machine to run jar files with a click,
sandbox your java apps, etc. But you *can* set up your machine to do
all sorts of stuff.
All I was trying to say is that, out of the box, java apps are no more
secure than any other app, except through obscurity (most people's
systems probably aren't configured to run a jar by double-clicking).
--
monique
Please respond to the group OR to my email, but not both. (Group preferred.)
Reply to: