Andrew Thompson
Now that I have your attention, I will admit it
only occurs with the MSVM.. No *please* don't
plonk this thread..
There have been various threads recently that
reveal that people are still interested in
developing for the MSVM. I, on the other
hand, provide tools to 'detect and destroy'
the MSVM.
I am torn as to whether to encourage *any*
developers to code 'down to' the MSVM*.
The thing is, the safest build of the MSVM,
the 3810 build, will happily reveal the exact
location of the class files on disk**, the
Sun VM will not***.
( both images <20Kb )
** <http://www.physci.org/test/screenshot/clsmsvm.png>
The exact locations of all the classes
found are displayed for the user..
*** <http://www.physci.org/test/screenshot/clssunvm.png>
My applet politely, though inaccurately,
reports 'Missing' for the first two entries
(both Java core classes) of the Sun VM
display when it actually means "get the
SecurityAccessException 'outta here"..
AFAIR, the Symantec 1.1.5 JVM would not
even allow me to catch the exceptions.
The applet fails to appear.
...errr. if you have trouble with 'hotlinks' try..
<http://www.physci.org/test/screenshot/> and chase links.
I am not sure if this actually represents a
security hole, or whether it goes against any
stated spec by Sun. So, finally to my questions..
Does this ability to show the exact class
file locations represent a security hole
according to any document issued by Sun?
Does it violate the spec?
Is it (irregardless of the above two) a
security hole?
* hey.. I have nothing against 1.1/AWT,
though it is now becoming difficult to
lay your hands on suitable tools and
docs to work with 1.1.