Gary McGraw wrote:
The switch from "applets vs applications" security to "trusted code vs untrusted
code" happened with the introduction of jdk 1.1 (way back when). Ed and I followed the sun
marketing lead in 96 when it came to applets vs applications, but we cleared this up later in
Securing Java www.securingjava.com.
well somebody at Java must have missed this memo (and in Microsoft too)
since the only code that both Java and .Net don't trust is code executed
from directly from the Internet into a Browser (and only if using the
default policy, something that Microsoft with the 2.0 changes to the
'Click Once' system made very easy to bypass)
Dinis Cruz
Owasp .Net Project
www.owasp.net
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
