U.S. warns on Java software as security concerns escalate

[Roedy Green]

I notice that you completely ignored the factual technical information
I provied.

Your sentences don't even parse. Perhaps ask someone else to rephrase
your points.

The culprit is not the JVM, but somebody writing an unsigned Applet
which masquerades as harmless but has found some way to cause harm
despite the efforts of the sandbox. I have written many Applets and I
have found the sandbox to be extremely strict, overly strict in my
opinion.

You seem to be arguing that no sandbox is better than a sandbox that
had two repaired flaws.

If you want a technical discussion, please refrain from the ad hominem
attacks.
--
Roedy Green Canadian Mind Products http://mindprod.com
The first 90% of the code accounts for the first 90% of the development time.
The remaining 10% of the code accounts for the other 90% of the development
time.
~ Tom Cargill Ninety-ninety Law

 

[Roedy Green]

Other than applets, are there any classes of Java programs that rely on
the security manager?

Java Web Start also has signed code, and you can grant fined grained
permissions.
--
Roedy Green Canadian Mind Products http://mindprod.com
The first 90% of the code accounts for the first 90% of the development time.
The remaining 10% of the code accounts for the other 90% of the development
time.
~ Tom Cargill Ninety-ninety Law

 

[Roedy Green]

The closed mindedness and general ignorance of Java fanatics never
ceases to amaze.

I presume you have never written an unsigned or signed Applet that
uses the sandbox, or even a plain Java application for that matter.

It seems odd you be would so certain that your understanding of how it
works is superior to those that have.

We are talking about something we use as a tool every day. You are
talking about something you have no experience with. Who is the
fanatic?
--
Roedy Green Canadian Mind Products http://mindprod.com
The first 90% of the code accounts for the first 90% of the development time.
The remaining 10% of the code accounts for the other 90% of the development
time.
~ Tom Cargill Ninety-ninety Law

 

[Arne Vajhøj]

I usually think of applets as an interesting idea that somehow failed to
catch on: the history of technology is full of such occurrences.

It did catch on back in the 90's.

But then it did not evolve and other technologies especially
Flash took over.

Arne

 

[Arne Vajhøj]

Other than applets, are there any classes of Java programs that rely on
the security manager?

Applets are by far the most well known case, but there are other.

Web hotel serving Java web apps with multiple customers in a
shared web container.

It is not so good to allow verybad.jsp:

<%
System.exit(1);
%>

RMI where code get downloaded and executed.

Arne