From owner-freebsd-security  Tue Jul 25 11:49:40 2000
Delivered-To: freebsd-security@freebsd.org
Received: from federation.addy.com (federation.addy.com [208.11.142.20])
	by hub.freebsd.org (Postfix) with ESMTP id 8A6DF37B933
	for <freebsd-security@FreeBSD.ORG>; Tue, 25 Jul 2000 11:49:35 -0700 (PDT)
	(envelope-from jim@federation.addy.com)
Received: from localhost (jim@localhost)
	by federation.addy.com (8.9.3/8.9.3) with ESMTP id OAA36976
	for <freebsd-security@FreeBSD.ORG>; Tue, 25 Jul 2000 14:49:34 -0400 (EDT)
	(envelope-from jim@federation.addy.com)
Date: Tue, 25 Jul 2000 14:49:34 -0400 (EDT)
From: Jim Sander <jim@federation.addy.com>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: allow access of root user
In-Reply-To: <Pine.GSO.4.21.0007251321280.7703-100000@nova.fnal.gov>
Message-ID: <Pine.BSF.4.10.10007251430130.34848-100000@federation.addy.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Actually, if it is an applet (the one I've used is) then the java applet
> security model will keep them from sending anything to anyone except the
> host that served the applet.

   Good point- didn't think of that at the time, and in the situation that
prompted this discussion it would be effective. (unless your JVM
implementation was buggy in that respect) The general case, and
specifically the reference I gave, is different though- you specify the
host to connect to, so hopefully the programmer didn't log your info and
present it with his thesis. :)

-=Jim=- 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message