Re: How to make my java applets more user friendly
On 7/11/2014 5:30 PM, blmblm@myrealbox.com wrote:
In article <lp3p8f$s8v$1@dont-email.me>,
Eric Sosman <esosman@comcast-dot-net.invalid> wrote:
On 7/3/2014 9:01 AM, w.tom.adams@gmail.com wrote:
[...]
One question I have is this: Why is Javascript not as vulnerable as Java Applets?
Experts (I'm not one) have opined that the security models for
JavaScript and Java are fundamentally different. JavaScript (they
say) was designed from its infancy to run in a browser's sandbox,
but Java is a fully-functional general-purpose language with a
sandbox bolted on afterwards.
Hm! I thought I had read, back when I first started learning Java
(1998?), that one of the original design goals of the language was
to provide just the kind of sandbox that would make it safe to run
applets from possibly-untrustworthy sources, and its evoluation into
a general-purpose language came later. But I haven't researched
the history, so you could be right.
<http://en.wikipedia.org/wiki/Java_%28programming_language%29>
lists "robust and secure" as one of five primary goals for Java,
but it's not clear whether these goals were "original" or just sort
of retrofitted after Java/Green/Oak moved beyond set-top boxes.
Also, it seems to me that each of the five goals offers at least
some opportunity to meditate on the difference between "goal" and
"achievement," and to mutter the old saying that one's reach should
exceed one's grasp ...
<http://en.wikipedia.org/wiki/Criticism_of_Java> offers a few
words on Java security, although some of the gripes seem to have more
to do with Oracle's support of Java than with Java itself. The page
at <http://en.wikipedia.org/wiki/Java_security> gets more specific
about particular flaws and exploits thereof. (I imagine a security
expert might have a few quibbles with the latter page, though.)
--
Eric Sosman
esosman@comcast-dot-net.invalid