[wellylug] javascript
V K
list0570 at paradise.net.nz
Thu Aug 1 22:00:33 NZST 2002
> > outlook express (which only people who don't care / know do). Browsing
> > with javascript on is a security risk and should therefore be avoided.
> > If you must, you get what you described.
>
> Why is it any more so than browsing with, say, HTML rendering turned on?
Is that a serious question?
With html, all you can do is muck up some screen pixels, or trace the
viewer indirectly by linking to spy-images (these are often 1x1 pixel
gifs, their only purpose is to let the site owner know that you viewed
the page). It's not possible to steal data from your disk or damage
files.
With javascript, oh boy, keep in mind that you are executing an unknown
program on your computer. Would you just download any binary from the
web / friends / etc and run it on your box? Clearly not, only
Microsofties do that.
Of course, there is supposed to be a safety-shell around the javascript
programs. Does it work? Does it hold? Do you know? There have been
cases where the javascript implementation was faulty and allowed
malicious code to steal things from your disk (this includes cookies to
which this page should not have access). Executing other programs on
your computer is also a possibility (IIRC). Plus all those obnoxious
popups...
Volker
--
Volker Kuhlmann is possibly list0570 with the domain in header
http://volker.orcon.net.nz/ Please do not CC list postings to me.
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Access your PC just like Web Mail
http://us.click.yahoo.com/r5uw2C/zncEAA/Ey.GAA/0XFolB/TM
---------------------------------------------------------------------~->
.-. Wellington
/V\ Linux
// \\ Users
/( )\ Group
^^-^^
http://wlug.paradise.net.nz/
To unsubscribe from this group, send an email to:
wellylug-unsubscribe at egroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
More information about the wellylug
mailing list