Security Flaws in the Hotjava Web Browser

Author

  • Dan S. Wallach
Abstract

The growth of the Internet and the World Wide Web has led to demand for Web extensions, such as the ability to run server-supplied code on a Web client. We examine the HotJava Web browser and the Java language in which it is implemented. We demonstrate several attacks that compromise HotJava's security. Some of these attacks are made possible through browser code that fails to enforce access permissions, but can be easily fixed. Others point to underlying tension between the openness desired by Web application writers and the security desired by their users. We discuss the interaction of application requirements and security needs and suggest how they can both be accommodated.


Similar resources

Java Security: Web Browsers and Beyond

The introduction of Java applets has taken the World Wide Web by storm. Java allows web creators to embellish their content with arbitrary programs which execute in the web browser, whether for simple animations or complex front-ends to other services. We examined the Java language and the Sun HotJava, Netscape Navigator, and Microsoft Internet Explorer browsers which support it, and found a si...


MiMi: A Java Implementation of the MicroMint Scheme

In this paper we describe an experimental implementation of the MicroMint micropayment scheme in Java. We apply this scheme to purchasing Web pages. A prerequisite was to accomplish this without having to change the code of either the Web server or the Web client. We discuss the implementation issues and security considerations. Our implementation requires the local protocol handler feature off...


A Browser Front End for CORBA Objects

We propose a URI scheme for addressing CORBA objects. A URI for an object not only identifies the object but may also optionally include the name of the method to be invoked on the object and the parameters required. We have implemented the URI scheme by extending Sun Microsystems' HotJava browser. With this kind of integration, different web services can be described using CORBA, thereby makin...


The Design of Distributed Hyperlinked Programming Documentation

HotJava is a World-Wide Web browser that adds dynamic behavior to hypertext access by supporting the downloading and execution of architecture-neutral, interactive applets from inside a Web page. HotJava is written in Java, a new object-oriented language and environment developed at Sun Microsystems. This paper describes the design of the documentation for Java's application programming interfa...


Towards Secure Web

The Web is now the dominant platform for delivering interactive applications to hundreds of millions of users. Correspondingly, web browsers have become the de facto operating system for hosting these web-based applications (web apps). Unfortunately, web apps, browsers, and operating systems have all become popular targets for web-based attacks, intensifying the need for secure web browsing sys...



Publication date: 1995