[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Elliotte Harold elharo at metalab.unc.edu
Tue Sep 30 07:57:25 PDT 2008


Maciej Stachowiak wrote:

> More generally, I am on Apple's internal incoming security bug list, and 
> I see Java applet security bugs all the time, so I think whatever the 
> strength of the model may be, it does not lead to Java applets being 
> secure in practice.
> 

Are those bugs in the model or in the VM? Stack overflow issues, buggy 
code, and such are of a different character than fundamental design 
flaws. Simple bugs can be fixed much more easily.

-- 
Elliotte Rusty Harold  elharo at metalab.unc.edu
Refactoring HTML Just Published!
http://www.amazon.com/exec/obidos/ISBN=0321503635/ref=nosim/cafeaulaitA



More information about the whatwg mailing list