From: Matt Gingell (mjg223@is7.nyu.edu)
Date: Sun Apr 30 2000 - 16:34:18 MDT
On Sun, 30 Apr 2000, Michael S. Lorrey wrote:
>Additionally, there is no problem with making a runtime that disallows
>(or allows the user to disallow) certain types of system functions, just
>as Java does. So the only security hole is due to the release of an
>unready implementation. That is a typical Microsoft fault, premature
>releasing things. I'm sure that many of those suffering from Bill-envy
>will extend that failure to his personal life.
It's quite a bit deeper than that. The ActiveX security philosophy is based on
authentication certificates - you trust the program because you know who the
author was. In Java, you trust the program because it runs in an emulated sand
box and can not possibly do things the vm won't let it do.
What an ActiveX program can do isn't a function of the ActiveX runtime, it's a
function of what the operating system does when an executable program accesses
one of the kernel interfaces. So far as I know, there's no system in Win95
for running programs with some particular set of privileges. Making ActiveX
programs as safe and flexible as Java programs would require a substantial
amount of operating system support, and it's a bit misleading to suggest 'the
only security hole is due to the release of an unready implementation.'
-matt
This archive was generated by hypermail 2.1.5 : Fri Nov 01 2002 - 15:28:19 MST