Bugtraq readers interested in what Java code can and cannot do from a security perspective should see:

http://www.securingjava.com

where Ed Felten and I have placed the entire contents of our new book "Securing Java" on the Web for free. (We wrote Java Security: HA HA back in 1996.)

Data point: the new Java 2 security model makes no distinction between applets and applications. The ability for Java code to open a socket connection can be changed at the discretion of the VM's security policy manager.

gem

*------------------------------------------------------------------*
| Dr. Gary McGraw           gemat_private |             (__)       |
|-----------------------------------------|             (oo)       |
| Vice President                          |      /-------\/        |
| Reliable Software Technologies (RST)    |     / |     ||         |
| Sterling, VA                            |    *  ||----||         |
| <http://www.rstcorp.com/~gem>           |       ^^    ^^         |
*------------------------------------------------------------------*
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:10 PDT