OFF: Java, security

Jerry stayer at PI.NET
Sat Jan 11 03:24:21 EST 1997


Andy C wrote:
>>> No you can see the mail address of people who visit your web site
>>> only the IP address or domain name. (With all webservers I've used)

Tori:
>> You wouldn't believe what can be done with Java.  It's pure eeeevil.

> Doesn't it depend upon the SecurityManager implementation?

It depends on the server software. That software keeps the info of
visitors and I am fairly sure there are some programs that are able to
maintain databases of visitors' e-mail addresses.

> I believe HotJava, for example,
> is much more permissive than, say, Netscape.

Netscape runs on your local machine. The Java machine shipped with
Netscape is not able to make calls to the directory and file system, so
no Java script inside a web page is able to do something to your hard
disk and files. It could be different with other browsers of course.

With HotJava, you would be able to write code that writes data to the
visitor's hard disk or you would be able to write a program that lets
Java scripts write data to your disk.

So, what's eeevil and what's security?

Jerry



More information about the boc-l mailing list