Eric Swanson wrote:
> What we need now is
focus, energy and commitment
to create a business environment where it is possible (and profitable)
the
creation, deployment and maintenance of applications executed in secure
sandboxes.
Traditionally,
the quickest answer to a
This comes back to that great concept called 'Faith-based' Security (see Gunnar Peterson's post http://1raindrop.typepad.com/1_raindrop/2005/11/net_and_java_fa.html ), which is when people are told so many times that something is secure, that that they believe that it MUST be secure. Some examples:
Hi Dinis,
On 29 Mar 2006, at 05:52, Dinis Cruz wrote:
Thanks for confirming this (I wonder how many other other Java
developers are aware of this (especially the ones not focused on
security)).
Most I've worked with aren't really aware of the security manager,
never mind bytecode verific
Hello Eric (comments inline)
Eric Swanson wrote:
> Because I believe that Microsoft will never be as cooperative with .NET and
> the developer community as Sun is with Java, is there an opportunity for
> another company to step up to the plate on Microsoft's behalf?
There is definitely an opportu
Hello Stephen ,
Stephen de Vries wrote:
> I had the same intuition about the verifier, but have just tested this
> and it is not the case. It seems that the -noverify is the default
> setting!
Thanks for confirming this (I wonder how many other other Java
developers are aware of this (especial
Jeff, as you can see by Stephen de Vries's response on this thread, you
are wrong in your assumption that most Java code (since 1.2) must go
through the Verifier (this is what I was sure it was happening since I
remembered reading that most Java code executed in real-world
applications is not v
On 27 Mar 2006, at 11:02, Jeff Williams wrote:
I am not a Java expert, but I think that the Java Verifier is NOT
used on
Apps that >are executed with the Security Manager disabled (which I
believe
is the default >setting) or are loaded from a local disk (see "...
applets
loaded via the f
At 2:34 AM +0100 3/27/06, Dinis Cruz wrote:
> PS: For the Microsofties that are reading this (if any) sorry for
>the irony and I hope I am not offending anyone, but WHEN are you going
>to join this conversion? (i.e. reply to this posts)
>
> I can only see 4 reasons for your silence: a) y
Hi Kevin
Indeed this is somewhat surprising that there is no byte-code
verification
in place, especially for strong typing, since when you think about it,
this is not too different than the "unmanaged" code case.
Well there is some byte coding verification. For example if you
manipulate