If Java succeeds as the Internet language, it will have to provide a workable and effective security system. The reason is simple: How many people would risk running an applet from some unknown Web site if the applet could destroy their hard disk, make it look as though they'd sent threatening mail to the President, or steal their passwords? Even if individuals would take this chance, companies would not, because a poorly secured Java applet could destroy the effectiveness of their own system's firewalls.
Local machine A runs a hostile applet that it downloads from the evil Hostile Applet Server, which resides somewhere out on the Internet-perhaps in Chernobyl. That applet opens a network connection to machine C, which contains valuable corporate secrets-like the toupée vendor the boss uses-and steals all of the data, which it sends back to the Hostile Applet Server. While it's doing all this, the poor idiot working on machine A thinks he's just playing some game.
Essentially, the firewall couldn't distinguish a Java applet running on an internal machine from a user using a browser on the same machine. As a result, the firewall wouldn't stop the applet from reading files from a company's machine and sending them to some other company's machine-not too good from a security perspective. Even worse scenarios arise if a Java applet can write files on the client system. The potential for Trojan horses and viruses would be unlimited. Clearly, people wouldn't be willing to wander around the World Wide Web as they currently do if any site could inflict this type of damage.
The bottom line is that, if Java weren't designed to provide security, the probability of anyone using it on the WWW would be fairly small.
| Note |
A firewall is a computer that controls the flow of information between the Internet and a company's internal networks. Its mission is to let the folks on the inside access any information they need on the Internet while preventing folks on the outside from seeing what's on the company's computers. As a result, machines on the Internet can't establish connections with machines behind the firewall, but machines behind the firewall can establish connections with machines outside the firewall. Remote users can get behind the firewall if they have the appropriate security software/keycards-a daunting task even if you're authorized. |
Local machine A runs a hostile applet that it downloads from the evil Hostile Applet Server, which resides somewhere out on the Internet-perhaps in Chernobyl. That applet opens a network connection to machine C, which contains valuable corporate secrets-like the toupée vendor the boss uses-and steals all of the data, which it sends back to the Hostile Applet Server. While it's doing all this, the poor idiot working on machine A thinks he's just playing some game.
Essentially, the firewall couldn't distinguish a Java applet running on an internal machine from a user using a browser on the same machine. As a result, the firewall wouldn't stop the applet from reading files from a company's machine and sending them to some other company's machine-not too good from a security perspective. Even worse scenarios arise if a Java applet can write files on the client system. The potential for Trojan horses and viruses would be unlimited. Clearly, people wouldn't be willing to wander around the World Wide Web as they currently do if any site could inflict this type of damage.
The bottom line is that, if Java weren't designed to provide security, the probability of anyone using it on the WWW would be fairly small.
| Note |
A Trojan horse is an application that pretends to be useful but actually performs some bad actions on a computer. An example might be a program that is supposed to be a freeware word processor but which actually erases your hard disk. Trojan horses are different from the products of software companies in that they are designed to cause problems. |
No comments:
Post a Comment