- From: Elliotte Rusty Harold <elharo@metalab.unc.edu>
- Date: Fri, 26 Sep 2008 16:55:54 -0700
Robert O'Callahan wrote: > On Sat, Sep 27, 2008 at 9:19 AM, Elliotte Rusty Harold > <elharo at metalab.unc.edu <mailto:elharo at metalab.unc.edu>> wrote: > > I do think we have an existence proof that security in this realm is > possible. That's Java. Modulo some outright bugs in VMs (since > repaired) the default Java applet security model has worked and > worked well since 1.0 beta 1. (1.0 alpha 1 wasn't quite strict > enough.) I have seen no security design flaws exposed in Java > applets in over ten years. That's why I suspect duplicating Java's > security policy in HTML is a safe way forward. I'm skeptical that > anything less will suffice. > > > You also see that Java is almost never used in the public Web. Java > doesn't prove anything. > \ As I said, it's an existence proof. Sun's inability to provide decent developer tools (unlike Adobe) doesn't reflect on the capability of the model. -- Elliotte Rusty Harold elharo at metalab.unc.edu
Received on Friday, 26 September 2008 16:55:54 UTC