Here's a joke:
"Scientists in France have invented a new pill that has all the medicinal benefits of wine without any of the alcohol. It's called a grape."
And here's the new version:
"Netscape has implemented a new security feature in Communicator that will allow Java applets to run outside of the sandbox and interact with the user's system. It's called ActiveX."
Only it's not a joke.
Under a new "flexible" security model, Java applets are freed from the so- called Java sandbox, which prevents them from interacting with the user's machine and remaining persistent. Currently, every time you refresh or reload a Web page, any Java applets on the page need to be reloaded as well. The new version of Communicator, due this week, will use this new security model.
The irony is obvious: a week after bashing the ActiveX security model at JavaOne, the company has done nothing short of adopt it with open arms for Java. When ActiveX offered this model, it was called "risky and dangerous." For Java, it's called "flexible." Also of note: Microsoft's Internet Explorer has allowed Java applets to run outside of the sandbox since last year. Of course, Microsoft also offers the Authenticode security feature that alerts users whenever an uncertified applet or ActiveX control is about to be downloaded. Communicator will use a similar "applet signing" feature to offer security features similar to Microsoft's Authenticode signing system for ActiveX controls and Java applets.
"It's typically hypocritical of Netscape to criticize Authenticode when they are building exactly the same mechanism into Communicator," said Cornelius Willis, a director of platform marketing at Microsoft