Security and the Web

Last revised $Date: 1998/05/30 07:19:26 $ (GMT)


General Web Security Information

See Lincoln Stein's highly-regarded The World Wide Web Security FAQ. This document is recommended for all Web users, and it should be considered a must-read for CGI script authors and Web masters.

CGI Scripts


"Java" is an object-oriented programming language invented by Sun Microsystems. It is designed to be platform- and CPU-independent.

Note: Do not confuse Java with Netscape's JavaScript; they are entirely different.

Java "applets" are Java programs that are loaded over a network. In the context of the Web, applets are downloaded from Web servers and are executed by the user's Java-enabled browser. It is important to understand that applets run on your own machine and with your own account and access permissions. From a security standpoint, this is very different than CGI scripts, which run on the server machine under some system account.

Applets are designed to run with greater security constraints than Java programs that are loaded from the computer's own filesystem. However, there have been many problems with the security of actual Java implementations, including Netscape's. Because of thse problems, we recommend that you disable both Java and JavaScript in your Netscape browsers. If they are not disabled, it is important that you restrict your "surfing" to pages and sites that you know and trust. (As of October, 1996, this recommendation applies to all current Java- or JavaScript-capable Netscape browsers.)

Java References

SLAC Welcome Highlighted Home Detailed Home Search

[ Computing Security at SLAC | SLAC WWW Support | Computer Networking ]

[ Feedback ]

John Halperin