Re: Anyone else notice that Swen is slowing down?
On Thu, 02 Oct 2003 17:47:02 -0400, Daniel B. <dsb@smart.net> penned:
> Mike Mueller wrote:
>>
>> .... It seems that the safest form of information push is
>> unformatted text.
>
> Wouldn't it be sufficient to limit the formats to those that don't have
> the expressive power to command the receiver to do arbitrary things?
>
> For example, HTML can't hijack a browser (or HTML-capable e-mail reader)
> with scripting turned off, can it (ignoring buffer-overflow bugs)?
>
> Similarly, executable formats like Java, which has a comprehensive
> security model, would be better if you ever really did need to deliver
> executable code. (No, I didn't say Java implementations are perfect,
> but there are a lot more layers of security to break through.)
>
Even then, you send a jar file and most systems won't be able to use it
just by clicking (although I think OS X users can).
But uh ... java *can* have security features turned on, but in general,
if you run a java app, you have full read/write access to the system,
not to mention full network access. Java applets are generally
sandboxed, but java apps are not.
--
monique
Please respond to the group OR to my email, but not both. (Group preferred.)
Reply to: