Secure Coding mailing list archives
RE: Re: Java sandboxing not used much
From: "Alun Jones" <alun () texis com>
Date: Fri, 12 Mar 2004 00:12:10 +0000
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill Cheswick Sent: Thursday, March 11, 2004 2:04 PM User client-level applications should come with recommended sandbox.conf files that will contain them appropriately. There's already a shortage of systems and network security people, and this stuff should be as easy as possible.
Ah, but that has its own problem, as everyone relies on the sample files, and certain settings are known to be the same - like having everyone's Windows system installed at "C:\WINDOWS", using sample configuration files unchanged is often as much a source of security problems as it is a means of reducing confusion. Alun. ~~~~ -- Texas Imperial Software | Find us at http://www.wftpd.com or email 1602 Harvest Moon Place | [EMAIL PROTECTED] Cedar Park TX 78613-1419 | WFTPD, WFTPD Pro are Windows FTP servers. Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.
Current thread:
- Re: Java sandboxing not used much Bill Cheswick (Mar 11)
- RE: Re: Java sandboxing not used much Alun Jones (Mar 11)
- <Possible follow-ups>
- RE: Re: Java sandboxing not used much Jeremy Epstein (Mar 11)