Firewall Wizards mailing list archives

Re: signed applets a solution --maybe!


From: Bennett Todd <bet () rahul net>
Date: Wed, 17 Dec 1997 05:28:49 -0800

On Mon, Dec 15, 1997 at 07:01:34PM -0500, Hal wrote:
> Here's my problem: A web page comes into my system and with it three
> objects: one is java [...] another VB [...] and the third is [...]

Indeed, if you're in a setting requiring any kind of serious security,
that is your problem; chunks of java, VB, and so on shouldn't come in to
your system; they should be stopped at the firewall.

> [...] There is a growing body of users who suspect the merits of a
> firewall. They are web users and firewalls get in their way because it
> prevents their arbitrarily using any port at any time. An increasing
> number of web services ordinary and not so ordinary are feeding this
> trend.

Where people are web users --- e.g. at ISPs, at internet information
service bureaus of various sorts, etc. --- the security policy is
necessarily different; you don't try to secure the desktops at all,
instead they lie in a ``sacrificial'' net, which would be the DMZ in a
more conventional setting. Internal business data machines and anything
else requiring serious protection will of course lie behind a strong
(i.e. application-proxy) firewall with a very strict policy, but people
who are web users (as opposed to traders, or systems administrators, or
admin staff, or other sorts of jobs) should definitely have no barriers
between their desktops and the internet.

Out of curiosity, how many professional web users are there these days?
I hadn't really thought about it, but I guess that's probably a very
fast-growing field these days. We don't have any at my company today,
but I imagine we will before much longer.

-Bennett


