This is the mail archive of the guile@cygnus.com mailing list for the guile project.
| Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
|---|---|---|
| Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
>>>>> "Per" == Per Bothner <bothner@cygnus.com> writes:
Per> The way you write this misleadingly suggests that Java security
Per> depends on the compiler. It doesn't. It depends on the *verifier*,
Per> which does an analysis of the bytecode, normally when a class is loaded.
But this is also why Java is not secure after all, as I understand
it.
The Java security comes from the type system, but the bytecodes do not
carry as much information as the source code. So what can be verified
to hold of some lump of java source code cannot necessarily be
verified to hold of some other lump of bytecodes.
The Secure Internet Group at Princeton (or some such) has done quite a
bit research into this area, and their conclusion was that fundamental
changes to java are necessary if it is going to become a secure model
of computation, again in my somewhat limited and utterly biased
understanding.
---------------------------+--------------------------------------------------
Christian Lynbech | Telebit Communications A/S
Fax: +45 8628 8186 | Fabrik 11, DK-8260 Viby J
Phone: +45 8628 8177 + 28 | email: chl@tbit.dk --- URL: http://www.telebit.dk
---------------------------+--------------------------------------------------
Hit the philistines three times over the head with the Elisp reference manual.
- petonic@hal.com (Michael A. Petonic)