On 09/29/2010 11:45 PM, Gregg Wonderly wrote:
> For myself, the primary consideration is whether the arguments in RPC
> calls are actually "downloaded classes" vs "downloaded data". In the
> simple sense, "downloaded classes" are "downloaded data".

I agree with you. A downloaded class is a specialization of downloaded data. Or maybe even not, but let's not go there.

In general terms, a class has more degrees of freedom than data, because a class is executed by a Turing-complete state machine and most of the time the machine executing data is less complete.

My personal view on this matter revolves around the burden it puts on the user. When I download code and run its installer, I trust the code to behave well. When I run the installer I make one big trust decision. I can audit the files installed if I'm really paranoid, or a security researcher. When I run my Jini application, it connects to some registry, downloads a jar into memory and executes it. This jar can be the same as yesterday or it might not. I can't tell. Does it perform the same function?

The basic components are the same, but I see distinct differences. Do you see this agility taking off in a corporate environment?

Gr. Sim
