[whatwg] Dealing with UI redress vulnerabilities inherent to the current web

Maciej Stachowiak mjs at apple.com
Tue Sep 30 15:57:21 PDT 2008


On Sep 30, 2008, at 7:57 AM, Elliotte Harold wrote:

> Maciej Stachowiak wrote:
>
>> More generally, I am on Apple's internal incoming security bug  
>> list, and I see Java applet security bugs all the time, so I think  
>> whatever the strength of the model may be, it does not lead to Java  
>> applets being secure in practice.
>
> Are those bugs in the model or in the VM? Stack overflow issues,  
> buggy code, and such are of a different character than fundamental  
> design flaws. Simple bugs can be fixed much more easily.

Many of the bugs I see are about what applet has access to what  
network or local resources, i.e. failures of the access control model.  
I do not have direct knowledge of how easy these are to fix compared  
to other Java applet bugs.

  - Maciej



