Bill Stewart (bill.stewart@pobox.com)
Mon, 06 Apr 1998 08:38:40 -0700
At 11:27 PM 4/5/98 -0700, Stephen Dennis wrote:
>Of course, there are pros and cons to both: A perfectly safe padded-room
>may not be particular useful in all the ways traditional applications
>are. A java word processor would need the ability of either: reading
>files on your hard drive (security risk), -or- face the performance
>penalty of storing those files on the server (who already has your
>credit card number because you are paying them for server space or for a
>service that includes server space).
>
>On the other hand, a signature approach doesn't even try to -guarantee-
>that nothing bad will happen ... only that if something bad does happen,
>you know who is liable. And of course, liability is only useful when you
>have a country with fairly good access to adjudication, and now I think
The difficulty with signature approaches is that any competent
malefactor will erase the logfile indicating who signed the
malicious chunk of code. On 95 there's not much you can do to
stop them; NT does make it a bit harder.
Thanks!
Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:54 ADT