On Jul 24, 11:43 am, Ricky Clarkson <[email protected]> wrote: > > Java's security model is at least, > > indisputably much better than that of any non-managed language (i.e. > > better than zero) > Only in applets. Java desktop applications can do anything a C program can.
Not 100% true. First, there's WebStart too (I know JAWS its not a rocking success either - but it could be, if the resulting apps run well enough). Second, even for conventionally-installed Java apps you can enforce as much of the security model as you want - unfortunately there's no standard mechanism to perform local Java app installations in a secured way, so the app advertises required permissions etc. (again see Android)... this could be fixed, but it's hard because it would require some integration with OS-native installation services so app providers cannot circumvent the system. For both Java and native apps, it's certainly possible to limit permissions of locally installed apps; it's only not possible to enforce this so users cannot install something without knowing about, and explicitly granting the required permissions. For native apps you can do like Google Chrome - multi-process model, self-restriction of privileges on a per-process basis. Java apps can do exactly the same, except that it's all easier and more lightweight (does not require multiple processes), so arguably there is some advantage for Java even in this case... A+ Osvaldo > > I never heard anyone claiming that C/C++ are > > dead/dying because of security. > > It's desktop apps that seem to be dying, not particularly Java ones. -- You received this message because you are subscribed to the Google Groups "The Java Posse" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
