Re: Holes in the Java sandbox

Richard M. Smith (rms@pharlap.com)
Sat, 14 Feb 1998 14:24:56 -0500

Date: Sat, 14 Feb 1998 14:24:56 -0500
To: David.Brownell@Eng (David Brownell), gong@games.eng.sun.com
From: "Richard M. Smith" <rms@pharlap.com>
Subject: Re: Holes in the Java sandbox
In-Reply-To: <199802121939.LAA06885@argon.eng.sun.com>

David,

Eudora has a bunch of problems when it comes to
security issues. For example, its the only Email
reader that I know that will run .EXE and batch
file attachments with a double-click of a mouse.
Other Email readers either never allow .EXE files
attachments to be executed or put up a big
warning message pointing out the dangers of
attached files.

What I would like to see Qualcomm do is to not
execute embedded JavaScript, ActiveX controls,
and Java applets in HTML Email messages.
I don't see an utility in automatically executing programs
in Email messages. Unfortunately Eudora
has no option to turn off JS, Java, and Activex
in Email messages. This instead has to be done
in IE4 which means I'll loose JS, Java, and ActiveX
in Web pages. Eudora really needs separate
security settings from the browser.

On the issue of the EDUDORA.INI file being corrupted,
I am not sure what to say. I really don't have the time
to see what is wrong in the file. I am not sure if
Eudora corrupted the file or Windows 95 did.

Richard

At 11:39 AM 2/12/98 -0800, David Brownell wrote:
>At least one of the problems was clearly a Eudora bug,
>too -- that one where its init file was garbaged.
>
>- Dave
>