From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=0.1 required=5.0 tests=BAYES_05,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,ea6b1f0ff507cd52
X-Google-Attributes: gid103376,public
From: Rick LaRowe <rlarowe@ecii.org>
Subject: Re: Netscape Software Flaw
Date: 1996/05/20
Message-ID: <31A05A44.7378@ecii.org>#1/1
X-Deja-AN: 155729385
references: <m0uKoOl-000289C@crash.cts.com>
to: "Robert C. Leif, Ph.D." <rleif@MAIL.CTS.COM>
content-type: text/plain; charset=us-ascii
organization: Enterprise Computing Institute
mime-version: 1.0
newsgroups: comp.lang.ada
x-mailer: Mozilla 2.0 (X11; I; SunOS 5.5 sun4m)
Date: 1996-05-20T00:00:00+00:00
List-Id: <comp.lang.ada>


Bob Leif referred to an article on Java/Netscape security problems, and then asked:

> Obvious question, would the use of Ada diminish the probabilities of this
> type of problem and increase the security of Internet communication?  If so,
> someone should communicate this to both John Markoff and Thomas Cargill.  I
> would suspect that Ada's strong typing and runtime checking would help in
> the detection of misbehaving programs.

If you are suggesting the use of Ada for writing applets (via Intermetrics'
AppletMagic), then this really doesn't solve anything but accidental errors.
The real concern with Java and Netscape right now is that there are quite a
few security holes that enable clever, malicious folks to "attack" machines
on the net.  Being able to write an applet in Ada isn't going to affect an
attacker, since s/he will write in raw JVM byte codes if necessary.  That said,
it is fairly obvious that security must be enforced at the JVM level.

If what you were referring to was a whole new Java/JVM/Netscape implementation
scheme, then that's an entirely different thing.  And while I think Ada might
help quite a bit in this area, I think that the biggest thing that can be added
to the pot is the use of formal design methods to ensure a secure execution
environment.

Regards,
Rick LaRowe
------------------------------------------------------------------------------
Enterprise Computing Institute                 internet: rlarowe@ecii.org
1 Ash Street                                   phone: (508) 435-1900 x15
Hopkinton, MA 01748                                   (508) 435-2176 (fax)
------------------------------------------------------------------------------