Robert O'Callahan wrote:
On Sat, Sep 27, 2008 at 9:19 AM, Elliotte Rusty Harold
<[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
I do think we have an existence proof that security in this realm is
possible. That's Java. Modulo some outright bugs in VMs (since
repaired) the default Java applet security model has worked and
worked well since 1.0 beta 1. (1.0 alpha 1 wasn't quite strict
enough.) I have seen no security design flaws exposed in Java
applets in over ten years. That's why I suspect duplicating Java's
security policy in HTML is a safe way forward. I'm skeptical that
anything less will suffice.
You also see that Java is almost never used in the public Web. Java
doesn't prove anything.
\
As I said, it's an existence proof. Sun's inability to provide decent
developer tools (unlike Adobe) doesn't reflect on the capability of the
model.
--
Elliotte Rusty Harold
[EMAIL PROTECTED]