Date: Tue, 17 Jul 2001 19:06:30 -0500
From: Mike Meyer <mwm@mired.org>
To: David Kelly <dkelly@hiwaay.net>
Cc: questions@FreeBSD.ORG
Subject: Re: ARRGH Netscape stinks!
Message-ID: <15188.54022.876036.338916@guru.mired.org>
In-Reply-To: <20010717115346.A18795@grumpy.dyndns.org>
References: <21096630@toto.iv> <15188.23500.936661.82769@guru.mired.org> <20010717115346.A18795@grumpy.dyndns.org>

David Kelly <dkelly@hiwaay.net> types:
> On Tue, Jul 17, 2001 at 10:37:48AM -0500, Mike Meyer wrote:
> > JavaScript is a security nightmare. Java isn't quite so bad, but CERT
> > recommends turning them both off. I turn off Flash because I haven't
> > had time to investigate the security issues.
> Uh, don't you have Java and Javascript crossed?

I don't think so. The people at Sun who worked on Java demonstrably
thought about the security implications of what they were doing, and
dealt with the worst excesses in the design. As a result, Java
security problems tend to be bugs in the implementation, with "in
violation of security policies" being a common phrase.

JavaScript tends to have bugs along the lines of "we never thought
anyone would do that", like sending email to an arbitrary address at
page load time, or putting JavaScript in a cookie file then loading
the cookie file to get access to the disk.

The net result is that JavaScript tends to have nastier bugs than
Java. Of course, I've had both of them turned off pretty much since
they were introduced, and base this on watching CERT advisories and a
quick check of the CERT site just now. This may not be representative
of the problems seen by people who leave those enabled by default.

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.