Date: Mon, 24 Aug 1998 11:47:28 GMT
Message-Id: <199808241147.LAA15996@web4.java.sun.com>
From: <tony.tipping@ewos.com>
To: java-security@java.sun.com, webmaster@java.sun.com,
Subject: JSECURITY Issue: Innaccurate info. on Java security?
Name: Tony Tipping
Email: tony.tipping@ewos.com
Organization: EWOS
Phone Number: +44 (0)1764 655 522
Location: Europe
System: Win95
Referring URL: http://java.sun.com/sfaq/
I am Notes/Domino developer and a novice programmer with experience of Basic & VB just starting to get really interested in Javascript and Java programming. In the course of reading books, articles etc. relating to Java I keep coming across text warning Internet users and corporate WAN managers to guard against "malicous ActiveX and Java code which might be encountered."
I have read enough to understand that ActiveX, despite the apparent blind hysterical love affair the world appears to have with Microsoft, is a seriously risky language, but Java? I have read your web pages and (sane) 3rd party articles on the Sandbox Security Model and it appears to be that applets downloaded by a browser are totally safe. Am I correct? I understand that if I download an applet and run it locally there are different risks, but I am mighty confused as to why Java code is dangerous as an embedded web page applet.
If I am correct and web-page Java applets are safe, what are all these writers on about? It appears to me that Sun has done everyone a big favour developing Java so I am mystified as to why there is so much hype for VB and ActiveX when (Netscape's) Javascript and Sun's Java are so good.
Please can you let me know if I have missed something. And if I haven't, what can Sun and the rest of us do to point out that, actually, the Emperor Gates isn't wearing any clothes....