[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Robert O'Callahan robert at ocallahan.org
Fri Sep 26 14:44:39 PDT 2008

On Sat, Sep 27, 2008 at 9:19 AM, Elliotte Rusty Harold <elharo at metalab.unc.edu> wrote:

> I do think we have an existence proof that security in this realm is
> possible. That's Java. Modulo some outright bugs in VMs (since repaired) the
> default Java applet security model has worked and worked well since 1.0 beta
> 1. (1.0 alpha 1 wasn't quite strict enough.) I have seen no security design
> flaws exposed in Java applets in over ten years. That's why I suspect
> duplicating Java's security policy in HTML is a safe way forward. I'm
> skeptical that anything less will suffice.

You also see that Java is almost never used in the public Web. Java doesn't
prove anything.

"He was pierced for our transgressions, he was crushed for our iniquities;
the punishment that brought us peace was upon him, and by his wounds we are
healed. We all, like sheep, have gone astray, each of us has turned to his
own way; and the LORD has laid on him the iniquity of us all." [Isaiah