List: full-disclosure
Subject: Re: [Full-disclosure] Fwd: On sandboxes, and why I ... don't care.
From: coderman <coderman () gmail ! com>
Date: 2006-03-30 10:46:15
Message-ID: 4ef5fec60603300246s22b5448ck8814e438efc29676 () mail ! gmail ! com
On 3/30/06, michaelslists@gmail.com <michaelslists@gmail.com> wrote:
> Just because no-one has told you, or you haven't seen it doesn't mean
> it doesn't happen.
amen. what's the cost if you are wrong? (the likely case over a
sufficient period of time against motivated attackers)
that artificial security flavoring is only reassuring while the luck
continues...
> It's pretty concerning to me, as a java programmer, that the verifier
> is off by default and hence any jar running can run free of the
> constraints I've tried to enforce. Or that another j2ee app could
> possibly be viewing the data I was processing in a shared-hosting
> environment.
in a shared processing environment you have bigger concerns, but i do
agree this is disturbing if your system was designed to operate in
privacy.
> And further, if your code _doesn't_ run properly with the verifier,
> then what the hell are you doing?
probably coding like the other 97% of the planet. (now that's
_really_ concerning)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/