JDK 1.2 Security disappointment

Jerry Seeger (jseeger@peoplepost.com)
Tue, 08 Jun 1999 16:32:24 +0100

Date: Tue, 08 Jun 1999 16:32:24 +0100
From: Jerry Seeger <jseeger@peoplepost.com>
To: java-security@java.sun.com
Subject: JDK 1.2 Security disappointment

Some time ago I submitted a bug report/design change request for
security and I recieved a nice message in return encouraging me to
migrate to Java 2 as the problem was already addressed there. I have
been reading up recently, and I find that this is not the case.

My plea to you is that as you develop your security mechanisms, do not
forget the consumer. There is NO WAY that joe consumer is going to Set
up his browser to grant required permissions as described in step 3 of
the example shown at http://java.sun.com/security/signExample12/

Some day I hope to use your security model, but for now I can't. Until
you make it possible for a user to grant permissions to applets simply,
I can't even endorse your methodology over those used by Microsoft and
Netscape, flawed as those may be. Therefore, I cannot use the Plugin,
and must debug on multiple VMs, and I cannot run at all on the Mac.

You guys make great stuff, but Microsoft understands the consumer. If it
is not EASY TO USE, your VM will fail in the marketplace. It's that
simple.

Jerry Seeger
Director of Software Engineering
BinaryLabs, Inc.
jseeger@binarylabs.com