This is the mail archive of the guile@cygnus.com mailing list for the guile project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
> But this is also why Java is not secure after all, as I understand > it. > > The Java security comes from the type system, but the bytecodes do not > carry as much information as the source code. Not individually, but the verifier does some non-trivial data flow analysis, so effectively, your statement is false. (I have written such a verifier, and it is available on the sourceware.cygnus.com site.) > So what can be verified > to hold of some lump of java source code cannot necessarily be > verified to hold of some other lump of bytecodes. I have no idea what is supposed to mean. > The Secure Internet Group at Princeton (or some such) has done quite a > bit research into this area, and their conclusion was that fundamental > changes to java are necessary if it is going to become a secure model > of computation, again in my somewhat limited and utterly biased > understanding. Perhaps, but I suspect they are not talking about type safety. Can we wind this discussion down? It is rather off-topic. --Per Bothner Cygnus Solutions bothner@cygnus.com http://www.cygnus.com/~bothner