On Thu, 02 Oct 2003 17:47:02 -0400, Daniel B. <[EMAIL PROTECTED]> penned: > Mike Mueller wrote: >> >> .... It seems that the safest form of information push is >> unformatted text. > > Wouldn't it be sufficient to limit the formats to those that don't have > the expressive power to command the receiver to do arbitrary things? > > For example, HTML can't hijack a browser (or HTML-capable e-mail reader) > with scripting turned off, can it (ignoring buffer-overflow bugs)? > > Similarly, executable formats like Java, which has a comprehensive > security model, would be better if you ever really did need to deliver > executable code. (No, I didn't say Java implementations are perfect, > but there are a lot more layers of security to break through.) >
Even then, you send a jar file and most systems won't be able to use it just by clicking (although I think OS X users can). But uh ... java *can* have security features turned on, but in general, if you run a java app, you have full read/write access to the system, not to mention full network access. Java applets are generally sandboxed, but java apps are not. -- monique Please respond to the group OR to my email, but not both. (Group preferred.) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]