Re: DII COE bars Ada -> Java compilation

comp.lang.ada
 help / color / mirror / Atom feed

From: Wes Groleau <wwgrol@ftw.rsc.raytheon.com>
Subject: Re: DII COE bars Ada -> Java compilation
Date: 2000/04/14
Date: 2000-04-14T00:00:00+00:00	[thread overview]
Message-ID: <38F79103.72EEE575@ftw.rsc.raytheon.com> (raw)
In-Reply-To: 8cm9e5$9el$1@nnrp1.deja.com


> : And in fact, one security report I read described a security hole that
> : could be exploited by a byte-code assembler but which was prevented by
> : a "correct" Java compiler.
>
> I suspect this same "security expert" would also say your house was
> safe if burglars would use only "approved" breaking and entering tools
> <g>.

See http://www.cs.princeton.edu/sip/ and decide for yourself 
how "expert" these guys are.

-----------------

> > And in fact, one security report I read described a security
> > hole that could be exploited by a byte-code assembler but
> > which was prevented by a "correct" Java compiler.
> 
> But that is the function of the byte code verifier. Obviously
> unverified code is risky no matter *what* the source. One
> certainly has far more faith in the verifier than in *any*
> compiler.

Correct.  My point was:

1. The byte-code verifier apparently is NOT enough 
   for security.

2. For DoD to trust the JVM for security instead of
   conducting adequate reviews and tests would be
   just as  stupid as claiming Java is the only
   secure language.


-- 
Wes Groleau
http://freepages.genealogy.rootsweb.com/~wgroleau

next prev parent reply	other threads:[~2000-04-14  0:00 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2000-04-05  0:00 DII COE bars Ada -> Java compilation Marc A. Criley
2000-04-05  0:00 ` Robert Dewar
2000-04-05  0:00 ` Robert Dewar
2000-04-05  0:00 ` Robert A Duff
2000-04-05  0:00   ` David Starner
2000-04-05  0:00 ` Ted Dennison
2000-04-07  0:00   ` Wes Groleau
2000-04-07  0:00     ` swhalen
2000-04-08  0:00     ` Robert Dewar
2000-04-14  0:00       ` Wes Groleau [this message]
2000-04-06  0:00 ` Marc A. Criley
2000-04-07  0:00   ` Robert I. Eachus
2000-04-07  0:00 ` Richard D Riehle
2000-04-07  0:00   ` Wes Groleau
2000-04-19  0:00   ` Robert Munck
2000-04-19  0:00     ` Robert I. Eachus
2000-04-20  0:00     ` Geoff Bull
2000-04-20  0:00       ` Hal Hawley

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox