Jesus Gonzalez wrote:

> Question on Java security (I know some people consider that to be a
> Paradox).  But just how bad are the security risks with Java?

I noticed that no one has responded to this post yet.  I hate the questions that
definitely leave us all open for our "opinions", but what the heck, I'm brave.
(or maybe stupid?)

Jesus, it depends.  My opinion is that the security risks associated with the
current implementations of Java pose enough of a threat that I would not want to
use it in a financial transactional system.  But for some systems, it's a good
alternative.

> My organization is considering a web based transaction system.  Different
> sides of the house prefer different technologies.  My feeling is the Java is
> real insecure and a better model is one where the server handles all of the
> transaction (through CGI, server side includes, etc).

Isn't it interesting that different sides usually equates to "the ones that will
make the most money or gain the most power".

Yes, I agree, do the CGI, server side includes, etc.

>
> Recently Linus Torvalds bashed Java for its fragmented standards and
> implementation.  Has this affected any of you out there with respect to
> client access/security issues?  And how is it possible with so many different
> implementations of Java to maintain adequate security, and even function,
> within the Java program?

One of the things that you only find out the hard way is the "browser & OS
variations" of how the Java functions.  It's hard enough as it is writing CGI
and server side includes that will function with some amount of consistency with
the different browser/versions out there.  Consistency with Java sometimes gets
to the silly level.

Disclaimer time.  I'm not a guru by any means, and I'm sure there's a lot of
folks out there that can give a lot of "exact" examples why Java is (or isn't)
the best thing for Jesus to consider.  But I think I'm pretty close to a good
overall picture of the situation.

Bottom line, someday (maybe in 10 or 20 years?), if Java ever does plug up the
security (but isn't that what really matters?) holes, I'd move to it in a flash.

Hope this helps some,
Michael Sorbera
Webmaster/Security Guy/whatever else there is to do...
Randolph-Brooks Federal Credit Union

"In the land of the clueless, he who has half a clue is King!"

