Gary McGraw wrote:
Btw, bill also said they tried twice to build an OS on java and failed both
times. We both agree that a type safe OS will happen one day.
Did he ever articulate what happened to these OS's? I recall a
presentation at OSDI 1996 by a Sun executive talking about JavaOS and
Dinis,
Sandboxing prevents a machine from having bad system() and buffer
overflows causing system compromise. Sure that's bad enough. However,
sandboxing does not prevent:
* all types of cross-site scripting
* SQL injection
* Command injection via SQL injection (xp_cmdshell and similar