[MUD-Dev] Java and Javascript

Jon Leonard jleonard at divcom.umop-ap.com
Wed Feb 18 16:08:44 CET 1998


On Wed, Feb 18, 1998 at 01:15:17AM +0000, Chris Gray wrote:
> The security issues with Java are normally aimed at protecting the server
> from the client. So, typically they are not a concern for users of the
> client software. The same with a MUD. True, a Java application can write
> to your local disk, etc., but so can any other piece of someone else's
> code that you run as a client. At least with Java, you have the protection
> that Java offers to your server, which is likely better than what most
> people could come up with by themselves.

The purpose of the Java applet (as opposed to application) as I understood
it was to protect the client, not the server.

The server is capable of protecting itself.  It needs to be, since it can
be attacked by programs over which it has no control.  The fact that it
provides the official client helps the normal usage, but doesn't provide
any security.

The client, on the other hand, is being asked to run code from a source
that it doesn't trust.  Keeping the applet from writing viruses to your
disk, revealing your secrets, or using your machine as a springboard to 
attack other systems is a good idea.

For a MUD, the client should really be designed so that the server can't
exploit it, and the server should be designed to be secure no matter what
it gets sent.  This is a difficult task...

Jon Leonard



More information about the mud-dev-archive mailing list