[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

From: Richard's Hotmail <maher_rj@hotmail.com>
Date: Sat, 27 Sep 2008 11:17:39 +0800
Message-ID: <BAY131-DAV79BFFAF2893C740C53CF0FB460@phx.gbl>
Hi Rob,

> You're saying Java's security model is adequate for what people want to do on the Web. 
> I say that is unproven since people are not using Java on the Web. 
> *Why* they are not using Java on the Web is irrelevant.

I certainly don't know what's on every web-page out there, but when it comes to Java Applets and the security model, the following recent developments may be of interest (especially the crossdomain stuff):

https://jdk6.dev.java.net/plugin2/
http://weblogs.java.net/blog/joshy/archive/2008/05/java_doodle_cro.html

Cheers Richard Maher

  ----- Original Message ----- 
  From: Robert O'Callahan 
  To: elharo at metalab.unc.edu 
  Cc: whatwg at lists.whatwg.org ; Michal Zalewski 
  Sent: Saturday, September 27, 2008 8:38 AM
  Subject: Re: [whatwg] Dealing with UI redress vulnerabilities inherent to the current web


  On Sat, Sep 27, 2008 at 11:55 AM, Elliotte Rusty Harold <elharo at metalab.unc.edu> wrote:

    As I said, it's an existence proof. Sun's inability to provide decent developer tools (unlike Adobe) doesn't reflect on the capability of the model.


  That has nothing to do with it.

  You're saying Java's security model is adequate for what people want to do on the Web. I say that is unproven since people are not using Java on the Web. *Why* they are not using Java on the Web is irrelevant.

  In fact, people are doing a lot of things on the Web, using cross-origin IFRAMEs, that are not possible with the Java model.

  Or maybe you're not saying that. Maybe you're just saying "the Java model is secure" and not claiming it meets people's needs. In that case, you may be right, but that's not very interesting --- it's easy to come up with safe, simple security models that don't provide the functionality people want.

  Rob
  -- 
  "He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]
Received on Friday, 26 September 2008 20:17:39 UTC