Java Implementations

Chad Schieken (cschieke@advsys.com)
Tue, 15 Sep 1998 09:12:29 -0400 (EDT)

Hello,

I've done a little research and it appears that to date most Java
implementations have had some problems with regard to security flaws. The
most popular examples are the Netscape and Microsoft browser
implementations.

Is your team aware of problems (past or present) with
implementations inside of web servers? For example the Netscape
Enterprise server allows the installation of Java applications/serverlettes
to handle specific web requests.

Other webservers use similar technology. My concern is that my
web developers may fall into a false sense of security by writing
server side applets and not take the appropriate steps to protect the
applet from hostile input. I'm looking for an example of a Web server
implementation that is flawed to prove that even with Java, with
strict bounds checking, and immutable strings, exploits are possible
due to weaknesses in the implementation.

I understand that this case is somewhat different from browsers where
foreign code is executed.

Thanks for any help you might be able to provide.

Thanks,
Chad

+---------------------------------------------------------------+
|Chad Schieken | Voice: 609.987.7659 |
|Advanced Systems Consulting, Inc.| Fax: 609.987.7615 |
|Marlton, NJ 08053 |E-mail: chad@advsys.com |
+---------------------------------------------------------------+