For the average computer user, Java's this thing that pops up asking to update itself (and how many clicks does this actually take?), but they don't know what it is.
They're not going to know that it's actually safe to install certain Java apps, and even if it is, those Java apps won't be able to do any typical desktop tasks such as playing video. For that we (currently) need to be able to call out to native code not supplied with the JVM. The problem, I believe, needs addressing at the OS level, though every little helps on the Java end. On Tue, Jul 26, 2011 at 8:51 AM, opinali <[email protected]> wrote: > On Jul 24, 11:43 am, Ricky Clarkson <[email protected]> wrote: >> > Java's security model is at least, >> > indisputably much better than that of any non-managed language (i.e. >> > better than zero) >> Only in applets. Java desktop applications can do anything a C program can. > > Not 100% true. First, there's WebStart too (I know JAWS its not a > rocking success either - but it could be, if the resulting apps run > well enough). Second, even for conventionally-installed Java apps you > can enforce as much of the security model as you want - unfortunately > there's no standard mechanism to perform local Java app installations > in a secured way, so the app advertises required permissions etc. > (again see Android)... this could be fixed, but it's hard because it > would require some integration with OS-native installation services so > app providers cannot circumvent the system. > > For both Java and native apps, it's certainly possible to limit > permissions of locally installed apps; it's only not possible to > enforce this so users cannot install something without knowing about, > and explicitly granting the required permissions. For native apps you > can do like Google Chrome - multi-process model, self-restriction of > privileges on a per-process basis. Java apps can do exactly the same, > except that it's all easier and more lightweight (does not require > multiple processes), so arguably there is some advantage for Java even > in this case... > > A+ > Osvaldo > >> > I never heard anyone claiming that C/C++ are >> > dead/dying because of security. >> >> It's desktop apps that seem to be dying, not particularly Java ones. > > -- > You received this message because you are subscribed to the Google Groups > "The Java Posse" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/javaposse?hl=en. > > -- You received this message because you are subscribed to the Google Groups "The Java Posse" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/javaposse?hl=en.
