Java security: from HotJava to Netscape and beyond

  • Dean D
  • Felten E
  • Wallach D

Abstract

The introduction of Java applets has taken the World Wide Web by storm. Information servers can customize the presentation of their content with server-supplied code which executes inside the Web browser. We examine the Java language and both the HotJava and Netscape browsers which support it, and find a significant number of flaws which compromise their security. These flaws arise for several reasons, including implementation errors, unintended interactions between browser features, differences between the Java language and bytecode semantics, and weaknesses in the design of the language and the bytecode format. On a deeper level, these flaws arise because of weaknesses in the design methodology used in creating Java and the browsers. In addition to the flaws, we discuss the underlying tension between the openness desired by Web application writers and the security needs of their users, and we suggest how both might be accommodated.


Authors

  • D. Dean

  • E.W. Felten

  • D.S. Wallach
