View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
September 15, 1998


By CBR Staff Writer

Li Gong, chief architect and distinguished engineer for Sun Microsystems, has repudiated criticism of Java as insecure, and has clarified the new security models in a recent version of the platform-independent programming language. Originally, Java’s ‘sandbox’ model meant that applets could not open local files or make connections. After a while it became clear that while on the one hand this model is simple and comfortable, on the other hand, people sometimes want to customize their applets, Gong said. That’s why, in version 1.2 of Java, Sun introduced the concept of secure policy management. This means that the boundaries of the sandbox are flexible and can be reset. I sympathize with the people who have fears about Java security, Gong confesses. In practice, I can’t give a mathematical or logical proof that Java is secure. But before you go and buy whatever product is being advertised to stop Java, you might want to think about the ActiveX, email and PostScript content you use every day. Among them, Java is quite likely to be the most secure because the others do not even think about security. In addition, the source code to those technologies has not been published, meaning they have not been subjected to the same degree of peer review Java has had to endure, Gong says. New versions of Java are likely to update network protocols where Sun now admits support is deficient, notably in the cases of HHTP 1.1 and SOCKS 5. Sun is also looking to add support for IPv6, IPSec, multicast and RSVP. We want to provide high level APIs that encapsulate features like an authentication function. We want to be able to solve single sign on as it relates to the Java platform, Gong says. These are the sorts of issues we pay a lot of attention to. That’s why it might take longer for us to issue one of our APIs, whereas some companies just throw a few things together. In concluding, Gong told developers they could expect the next major Java road map at the JavaOne conference in March or April 1999.

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy