undefined | Better HN

0 pointslxgr1y ago0 comments

> there are significant security benefits to the JVM running within the browser's WASM sandbox instead of directly on the host.

The JVM originally also had the goal of providing a security boundary, and even had a relatively complicated permissions/security model enforced via call stack inspection.

That security model was ultimately too complicated for developers to work with, but I don't think the sandbox itself was particularly insecure.

0 comments

1 comments · 1 top-level

jcranmer1y ago

My recollection is that the SecurityManager was notorious for being relatively easy to work around. Definitely one of the common questions people had when working on the richer HTML5 APIs was "how is your sandboxing going to be more effective than the Java applet model, given that that's known to be full of holes?"

j / k navigate · click thread line to collapse