On Fri, 23 Jan 2004 15:53:26 +1100 (EST)
Rick Welykochy <[EMAIL PROTECTED]> wrote:

> Can you explain to the list how a client-side application (Java)
> can be considered more secure than a server-side application (CGI)
> running on the web server? The former can theoretically rip into your
> machine and wreak havoc (and has done in the past) whereas the latter
> can do no such thing.

Most web browsers have had many more security problems
than Java.
Server side vs client side doesn't mean much.  The fact is
that sensitive data is going between your machine and the bank.
If you have more control (i.e. Java) you can decide for yourself
how much encryption to use.  The commbank were trailblazers
in netbanking.  Their client used 128-bit encryption well before
standard browsers got it.
Their client also had built-in defences against things like
keyboard sniffers (to type in your password you had to click
on numbers on a moving keypad on the screen).

> Given all the "sandbox escapades and escapes" that Java has suffered
> over the years, I would be hard to convince that Java is 100% safe
> on the client side.

Nothing is 100% safe.

--
Matt
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
