[E-Lang] Java 2 "Security" (was: Re: Welcome Chris Skalka and Scott Smith of Johns Hopkins)
Mon, 22 Jan 2001 12:22:07 -0800

At 10:48 PM 1/19/01 -0800, Mark S. Miller wrote:
>... In the computational world, we know we could build a
>perfect defense, but for our own confusion and stupidity.

For a while I worked on a language called Iptscrae. It is a scripting
language for mobile code in a chat system called The Palace. There are two
implementations, one in C and one in Java. One day, while reading the C
code, I noticed that a certain abuse of the language would allow a script
to store anywhere in application memory. (No, it wasn't a buffer overrun
either.) This failure did not exist in the Java version. (Instead the
Java version got an array IndexOutOfBoundsException.) Perhaps this is an
example of protection in depth.

In any case, I think audit trails are important. When a security failure
occurs, you need to be able to find out how it happened. Was it a failure
in the mechanism? Was the policy flawed? For this class of question,
audit trails are your friend.