Re: Debian two-factor auth, GSoC?
> > > Please take your FUD elsewhere.
> > >
> > > It's an implementation of the JavaCard specification. It's not
> > > something that runs in your web browser, but they're both called
> > > applets.
> >
> > Does it require a JRE to be installed (which the security community
> > avoids for good reason)? If so, then it does reduce your server/machine
> > security, though you may deem it acceptable, and obviously not to the
> > same level as Java browser applets, which are basically putting up a
> > rental sign to any site you visit.
>
> Debian is not Windows. We have separate packages for the JRE and the
> browser plugin.

What has Windows got to do with anything?!?! I am saying that just
because something is less than terrible security-wise, that doesn't stop
it from reducing a machine's security; some, such as JRE even without
plugins, reduce security or increase attack and escalation vectors more
than others.

Obviously it is a balance of options and risk analysis. I'm just saying
anything that requires a JRE would push it down my list if there are any
choices, and so not FUD as such but rather something that may be deemed
as acceptable.

Personally I wouldn't run a JAR on any server, for example.

--
_______________________________________________________________________
'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'
(Doug McIlroy)
_______________________________________________________________________