This is what I would like to be clear about
Apart from spam filters, is reliance on JVM design enough? (apart from
continually reminding the users)
So, as others have pointed out, JavaScript in browsers and email has
nothing to do with the Java programming language and JVM. But, to answer
the general question on the JVM:
The JVM, and particularly the applet component of it, which is the only
piece of software accessible from your browser, is a very mature piece
of software. It's been around for ~10 years on Solaris/Windows, and at
least 5 on Linux.
Given the relatively open nature of the design, you'd expect any glaring
security flaws to be identified and fixed in subsequent versions (as
they were with MS' JVM).
It's also worth noting that even if an applet were to escape out of a
sandbox, and try to do something naughty, it would be trapped by UNIX
permissions, unless you were silly enough to do something like run the
offending applet as root.
A basic introduction to the JVM security model is here:
http://www.javaworld.com/javaworld/jw-08-1997/jw-08-hood.html
Cheers,
Matt Moor
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/