On Mon, Nov 17, 2014 at 01:33:30PM -0500, D. Hugh Redelmeier wrote > | From: Walter Dnes <[email protected]> > > (Nice hack to run multiple browser instances.) > > | * As others have pointed out, the Java plugin is a major security hole, > | a cross-platform equivalant of Active-X. Remove, or disable the > | plugin. > > No, it isn't like Active-X. Totally different security model. > > Active-X: total trust in signed plug-ins > > Java: sandbox the application so that it isn't able to do unauthorized > things. Unfortunately, the attack surface is large enough that there > were likely and have been implementation failures.
I understand the differences "under the hood", but conceptually, at an abstract level, it's the same. A diesel-engined car has a different powersource than a gasoline-engined car or an electric car. But in the end, they accomplish the same task, i.e. moving a few people and some groceries around. And they're all capable of getting into accidents. Same thing with Java and Active-X, they involve downloading code from a webpage and executing it on your machine. And they're all capable of security breaches. Yes, they're different "under the hood", but the results are often the same. -- Walter Dnes <[email protected]> --- GTALUG Talk Mailing List - [email protected] http://gtalug.org/mailman/listinfo/talk
