[rc5] Security, Java and Source

Marcus Rugger rugger at iglou.com
Sat Oct 11 14:16:01 EDT 1997


My email client sent my previous post in the "x-user-defined" character set.
Some people may not be able to read it so I'm sending it again.  Please
accept my humble apologies for screwing it up.  Here it is again.

----- Begin post

I've been programming C for 12 years and C++ for 5, but I've only just
tinkered around with Java.  I've never written anything really significant
with it so I'm not as familiar with it as perhaps I should be.  After
reading some of the posts in this list concerning Java and security I'm
beginning to wonder if I have some misconceptions concerning Java.  So I
thought I'd spew out my understanding of it and then let the Java gurus
show me the light.

It is my understanding that Java, when running inside the security context
of a browser, is safe or is at least intended to be safe.  When running
within the security context of a browser Java is not able to access the
file system, spawn other processes (no, I don't mean threads) or execute
native methods.

It is my understanding that Java, when running outside the security
context of a browser, is *not* safe and is not intended to be safe.  When
running outside of the security context of a browser Java *is* able to
access the file system, spawn other processes (no, I don't mean threads)
and execute native methods.

It is my understanding that Java achieves security through what is called
a Security Manager.  The security context of browsers is achieved by
making use of a strict Security Manager.

If the goal here is to use Java for networking and GUI because it's safe
and portable and a native method for the actual key crunching, what
security manager would we use and where would I get it?  We can't use the
same security manager that browsers use because it doesn't allow native
methods. I'd either have to write it myself or download one from Bovine.
If I downloaded the security manager from Bovine then I'm still trusting
them to the same extent I am now with their C-based client.  Or have I
missed the point here?

David Putzolu states that, "it is easy to verify the safety of a small
native method."  I'd like to ask, how?  I ask that sincerely; if you know
a method of doing it that I don't, I'd like to know about it.  The only
thing I'd know to do is get the source code to it and go over it.  That's
fine for me but I think most of the people on this list wouldn't know how
to read C code much less assembly code.

Direct all flames to rugger at iglou.com, direct sincere honest healthy
discussion to rc5 at llamas.net so we can all learn.

Thanks in advance.

Marcus Rugger
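
Added example, not part of the original post and not Bovine's code: a security manager of the kind the post asks about, written against the JDK 8 `java.lang.SecurityManager` API, that permits loading one native library while denying process creation, file writes and its own replacement. The class name and the library name `rc5core` are assumptions; the Security Manager was deprecated in JDK 17 and permanently disabled in JDK 24, so this runs only on older JDKs.

```java
import java.security.Permission;

// Partial policy for illustration: file reads and networking stay allowed.
public class NativeOnlyManager extends SecurityManager {
    // Assumed library name. System.loadLibrary passes the bare name here;
    // System.load passes a full path, which this check therefore rejects.
    static final String ALLOWED_LIB = "rc5core";

    @Override public void checkLink(String lib) {
        if (!ALLOWED_LIB.equals(lib))
            throw new SecurityException("native library denied: ".concat(lib));
    }
    @Override public void checkExec(String cmd) {
        throw new SecurityException("process creation denied");
    }
    @Override public void checkWrite(String file) {
        throw new SecurityException("file write denied");
    }
    @Override public void checkDelete(String file) {
        throw new SecurityException("file delete denied");
    }
    // Every check not overridden above ends up here. Allow it, except for
    // replacing the manager, which would let loaded code drop the policy.
    @Override public void checkPermission(Permission p) {
        if ("setSecurityManager".equals(p.getName()))
            throw new SecurityException("manager replacement denied");
    }

    // Reports what the manager decided for one library name.
    static String attempt(String lib) {
        try {
            System.loadLibrary(lib);
            return "loaded";
        } catch (SecurityException e) {
            return "denied by manager";
        } catch (UnsatisfiedLinkError e) {
            return "allowed by manager, library not found";
        }
    }

    public static void main(String[] args) throws Exception {
        System.setSecurityManager(new NativeOnlyManager());
        System.out.println(attempt("rc5core"));        // passes checkLink
        System.out.println(attempt("somethingelse"));  // denied by manager
        try {
            Runtime.getRuntime().exec("hostname");
        } catch (SecurityException e) {
            System.out.println(e.getMessage());        // process creation denied
        }
    }
}
```

The manager decides only whether the library may be loaded; code inside a loaded native library is not subject to any of these checks.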


