AntonBoer wrote:The same naive security model applies to just about anything signed and downloaded; not just to Java Applets.
Thank you for your swift reply.
Unfortunately your answer reflects to my worst fears. Frankly I find this security model naiive. Anyone with euros can get their applet signed so that is no security control at all.
Working for a corporate IT how I am supposed to allow Java installations on any of our computers with internet access? That automatically means I am providing them as platforms to whoever wishes to run Java code on them (given that the user of course visits the web site). I would have expected Sun to put more effort into this but it appers nothig have changed in this regard for 10 years.I don't see this as a Sun problem; it is indicative of what I consider to be a general security weakness for all computer systems. For example, for Windows, Vista just added more user involvement in the trust process but it still allows programs to run pretty much unconstrained if the user agrees to them running.
AntonBoer wrote:Sun do more than most to create a secure environment and have done for more than 10 years. If Sun added more security than others than they would be at a disadvantage since products written in Java would be seen as less user friendly than the others.
Thank you for your comments. For most part I agree. However, I do consider this is Sun's problem as long as they are the ones providing the Java technology. Having other bad examples does not justify anything. Ok, so they are not doing worse than the competition but is that anything to aim for?
I appreciate what you wrote about added complexity but in my view that is no reason why Sun should not provide corporate ITs with adequate security tools while presenting simplistic choises to regular users.I don't see this as Sun's responsibility.