begin quoting David Brown as of Sun, Dec 30, 2007 at 09:15:39AM -0800: > On Sun, Dec 30, 2007 at 08:55:56AM -0800, SJS wrote: > >begin quoting [EMAIL PROTECTED] as of Sat, Dec 29, 2007 at 05:11:52PM > >-0800: > >>On Sat, Dec 29, 2007 at 04:56:43PM -0800, SJS wrote: > >>> If you're going to have 'em run untrusted programs as a way of > >>> life, why not just have 'em download actual application programs? > >> > >>First of all, I'm not sure if that is possible. How sophisticated > >>have Javascript client apps become? Could you download and run > >>say an entire tiny IM/IRC client app in your browser? > > > >There are Java IRC applets out there all over the place. > > I though the Java security model would allow an application to either > access local files, or access the network, just not both.
That's a policy file I'd like to see. My understanding is that the default policy for applets, allows connections back to the server the applet was loaded from, and local filesystem access to the extent of creating and using temporary files in the user's TEMPDIR. Andrew has pointed out that one of the problems with Java is that editing this policy is tricky, troublesome, and difficult for J. Random User. He's entirely correct. People generally don't /want/ to be safe, until *after* they've been hurt. > I think > Javascript just prevents access to the filesystem, and normally forbids > access other than to the same host, port and protocol. Javascript provides access to the document, Java applets don't get that access (or if they do, I haven't seen how to do that yet). > I suspect that Google Talk is just normal AJAX, where the communication is > strictly back to the same server serving the webpage. Any kind of IRC > connection would then be coming from there. Yup. Run your browser application from the IRC (or IM) server. Or run a port-reflector on the web-server. Netcat is your friend. -- Default configurations should not be relied on too much. Stewart Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
