-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 29.06.2013 13:54, schrieb Matthew Toseland: > On Saturday 22 Jun 2013 14:08:00 Zwiebelcode wrote: >> If java would be more secure, then a decentral webserver would be >> nice... users upload java classes into freenet und freenet is spreading >> it to the network... and then some users execute to class files with >> restricted java policies. >> >> Or more easily: Lets allow java applets on client side. These java >> applets could be more restricted than normal applets. And then make an >> api for those applets, where the applets can fetch or upload chk, ssk, >> ssk,... >> >> just another thought :-) > > Unfortunately, even if we assume Java's sandboxing code works (it breaks regularly), building a sandboxed API for Freenet that doesn't allow bad things is really hard. > > For example, just the ability to insert and request, and time those requests, is enough for a malicious applet to discover a great deal about the user: Roughly where they are on the network, what they have in their client cache (i.e. what they download / what forums they follow), etc. >
yes, i forgot about these problems -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQEcBAEBAgAGBQJRzsz/AAoJEFCTkZ2uNzgrlJ4IAJuokotEGN48YJ+ewUr8ThI/ Tiyl5QOiXrAZ7c6r1ozVcmaB2AcDOMt6grEfZ6LeOYtcqTchujAWhISqFkgbph6r xTxgkr2STEnrqVKgTgQcyX3FUWJ2xLnIcAsJj7T/ySZm2NMUYpG3mbBYqix2xt9c a8Idb+FTm6RfZhYZNkK3aOymgd/a5ADLcqJgz2THnq5uq0JTiXTfQk6Gi+op/nUF dpTJDoo6doN+hoZD2d6ZDx3KlX849EM1Y1CkrYYrgjphOFa2rJJKZQzcH6RRwIv1 Q8mnjfbutCe6dzPNdmgM0xdF7PhnYeL6CKx/U6jHnmOmFgGRRJeKvbrcYdZea28= =izw6 -----END PGP SIGNATURE-----
