Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

2006-03-28 Thread Dinis Cruz
Jeff, as you can see by Stephen de Vries's response on this thread, you are wrong in your assumption that most Java code (since 1.2) must go through the Verifier (this is what I was sure was happening since I remembered reading that most Java code executed in real-world applications is not

[SC-L] Re: [Owasp-dotnet] Re: Is there any Security problem in Ajax technology?

2006-03-28 Thread Dinis Cruz
As has been said before in this thread, AJAX is just another 'architecture' for creating systems that allow end users to use online services (although due to the increased attack surface one more potentially dangerous than a website interface). But will AJAX dramatically increase or decrease the

Re: [OWASP-LEADERS] Re: [Owasp-dotnet] RE: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

2006-03-28 Thread Dinis Cruz
Hello Eric (comments inline) Eric Swanson wrote: Because I believe that Microsoft will never be as cooperative with .NET and the developer community as Sun is with Java, is there an opportunity for another company to step up to the plate on Microsoft's behalf? There is definitely an

Re: FW: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

2006-03-28 Thread Dinis Cruz
If you are able to make direct calls to unmanaged code, then yes, you can jump out of the sandbox (assuming that you are in one in the first place). The environment that I am talking about is one where you have managed and verifiable code which is not allowed to perform dangerous actions (such as

[SC-L] Owasp SiteGenerator v0.70 (public beta release)

2006-03-28 Thread Dinis Cruz
After much development and hard work, here is the first stable (beta) release of the new Owasp SiteGenerator tool (whose Open Source development has been sponsored by Foundstone). Owasp SiteGenerator allows the creation of dynamic websites based on XML files and predefined vulnerabilities (some

[SC-L] Re: [Full-disclosure] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

2006-03-28 Thread michaelslists
no, a browser written in java would not have buffer overflow/stack issues. the jvm is specifically designed to prevent it ... -- Michael On 3/29/06, Pavel Kankovsky [EMAIL PROTECTED] wrote: On Mon, 27 Mar 2006, Brian Eaton wrote: If I run a pure-java browser, for example, no web site's HTML