You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fop-dev@xmlgraphics.apache.org by Sean Champ <sy...@email.msn.com> on 2000/02/28 03:43:15 UTC

Advisory note: Security-leak for Java on MS (&tm;) windows

here's the article about it:
 http://javaboutique.internet.com/articles/IESecurity/

<excerpt>
This security vulnerability can be attributed to the integration of the IE
browser with the OS (Windows Explorer), thus allowing IE to perform
operations which can otherwise only be performed with Windows Explorer.

<break />

...IE treats windows executables (exe) in a different way, giving a security
warning, and also specifying the authenticity of the source, if any.
Similarly, JAR files are also executables. However no security checks are
performed when they are ported and executed across a network

</excerpt>

from my understanding of it,  it seems that the patch would simply be to
register the JAR files with something other than whatever they might be
registered with on whatever such (OS-impaired?) machines.  in such a case, a
*.reg file should suffice :)