On Saturday 22 Jun 2013 14:08:00 Zwiebelcode wrote: > If java would be more secure, then a decentral webserver would be > nice... users upload java classes into freenet und freenet is spreading > it to the network... and then some users execute to class files with > restricted java policies. > > Or more easily: Lets allow java applets on client side. These java > applets could be more restricted than normal applets. And then make an > api for those applets, where the applets can fetch or upload chk, ssk, > ssk,... > > just another thought :-)
Unfortunately, even if we assume Java's sandboxing code works (it breaks regularly), building a sandboxed API for Freenet that doesn't allow bad things is really hard. For example, just the ability to insert and request, and time those requests, is enough for a malicious applet to discover a great deal about the user: Roughly where they are on the network, what they have in their client cache (i.e. what they download / what forums they follow), etc. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20130629/6ded4173/attachment.pgp>
