Basic HTML version of Foils prepared April 7 1998

Foil 12 Downloading Software is Dangerous?

From Basic Principles of Java and Internet Security CPS616 Web Technologies -- Spring 98. by Geoffrey C. Fox

1 So Java applets are actually safer than downloading C C++ or Java Applications as applets cannot access the local disk (unless there is an implementation bug!)
2 However Applets are so much easier to download as they happen automatically when the HTML page containing them is accessed. Thus they need much stronger security
3 Note that one typically assumes that downloading from a site such as Netscape MIT or Microsoft is safe but this can be spoofed due to internet routing!
4 Note that plug-ins are such C/C++/Java code and subject to security difficulties
  • A Macromedia Shockwave plug-in had a bug that allowed one to use it to read information on client computer and so violate (at least) confidentiality
5 Correct!
6 Rogue Site substitutes Evil Program

in Table To:

© Northeast Parallel Architectures Center, Syracuse University,

If you have any comments about this server, send e-mail to

Page produced by wwwfoil on Mon Apr 6 1998