Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

Unsigned Java Web Start seems the most secure

Posted Nov 26, 2003 2:37 UTC (Wed) by MarkSwanson (guest, #9328)
Parent article: The upcoming security fight

Please correct me if I'm wrong, but is there anything even remotely as secure as
unsigned Java Web Start (JWS) applications?

Unsigned JWS applications have a few limitations (and there were some security holes
in versions released a year ago) but you can do pretty much anything you need to in
this environment except for access serial/parallel ports or native code. It seems to be
the most powerful/secure environment but seems to get the least mention. I wonder
why that is...

(Log in to post comments)

Posted Nov 26, 2003 8:14 UTC (Wed) by dvdeug (subscriber, #10998) [Link]

There are many forms of sandboxing that are just as secure as JWS, but without the speedhit of interpreted code. There are many that are more secure; if a program has internet access, it can be a jumping point for an attack on another system.

Unsigned Java Web Start seems the most secure

Posted Nov 26, 2003 20:56 UTC (Wed) by MarkSwanson (guest, #9328) [Link]

You say there are others, but why don't you name any?

Inquiring minds would like to know:
1. Name one that is as secure.
2. Name one that is more secure.

Perhaps I left things too open-ended. F.E. I don't consider the chroot
environment (or the capabilities settings Linux provides) as usable for
the masses as they require too much work to set up.