On 3/30/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Just because no-one has told you, or you haven't seen it doesn't mean
> it doesn't happen.

amen. what's the cost if you are wrong? (the likely case over a sufficient period of time against motivated attackers) that artificial security flavoring is only reassuring while the luck continues...

> It's pretty concerning to me, as a java programmer, that the verifier
> is off by default and hence any jar running can run free of the
> constraints I've tried to enforce. Or that another j2ee app could
> possibly be viewing the data I was processing in a shared-hosting
> environment.

in a shared processing environment you have bigger concerns, but i do agree this is disturbing if your system was designed to operate in privacy.

> And further, if your code _doesn't_ run properly with the verifier,
> then what the hell are you doing?

probably coding like the other 97% of the planet. (now that's _really_ concerning)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
