Secure Coding mailing list archives
By default, the Verifier is disabled on .Net and Java
From: dinis at ddplus.net (Dinis Cruz)
Date: Fri, 12 May 2006 09:49:34 +0100
Gary McGraw wrote:
The switch from "applets vs applications" security to "trusted code vs untrusted code" happened with the introduction of jdk 1.1 (way back when). Ed and I followed the sun marketing lead in 96 when it came to applets vs applications, but we cleared this up later in Securing Java www.securingjava.com.
well somebody at Java must have missed this memo (and in Microsoft too) since the only code that both Java and .Net don't trust is code executed from directly from the Internet into a Browser (and only if using the default policy, something that Microsoft with the 2.0 changes to the 'Click Once' system made very easy to bypass) Dinis Cruz Owasp .Net Project www.owasp.net
Current thread:
- By default, the Verifier is disabled on .Net and Java, (continued)
- By default, the Verifier is disabled on .Net and Java Stephen de Vries (May 04)
- By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 03)
- By default, the Verifier is disabled on .Net and Java Michael Silk (May 04)
- By default, the Verifier is disabled on .Net and Java Gary McGraw (May 04)
- By default, the Verifier is disabled on .Net and Java David Eisner (May 04)
- By default, the Verifier is disabled on .Net and Java Stephen de Vries (May 04)
- By default, the Verifier is disabled on .Net and Java Gary McGraw (May 05)
- By default, the Verifier is disabled on .Net and Java Wall, Kevin (May 08)
- By default, the Verifier is disabled on .Net and Java Gary McGraw (May 08)
- By default, the Verifier is disabled on .Net and Java Gary McGraw (May 09)
- By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 12)
- By default, the Verifier is disabled on .Net and Java Jeff Williams (May 11)
- By default, the Verifier is disabled on .Net and Java Michael Silk (May 11)
- By default, the Verifier is disabled on .Net and Java David Eisner (May 11)
- By default, the Verifier is disabled on .Net and Java Michael Silk (May 11)
- By default, the Verifier is disabled on .Net and Java Gary McGraw (May 13)
- Message not available
- By default, the Verifier is disabled on .Net and Java Dinis Cruz (May 14)
- By default, the Verifier is disabled on .Net and Java Michael Silk (May 14)
- Message not available
- By default, the Verifier is disabled on .Net and Java j lunerwood (May 14)
- By default, the Verifier is disabled on .Net and Java leichter_jerrold at emc.com (May 15)