 |
|
|
| > |
QUESTION POSED ON: 24 August 2001
Could you point out several security holes in JavaScript?
|
|
| > |
|
Sure. There have been enough of them over the years. Go to Bugtraq and search for
"javascript." I just did it and came up with 459 items. That's more than
several.
What is your real question?
Something to remember about security holes is that once they're fixed,
they're no longer a problem, and *all* large systems have security holes in
them. It takes time for fixes to propagate, because users have to upgrade
or update to get the fixes. But once the bug is fixed, it's fixed.
Are you looking for ammunition for not using JavaScript in a Web
application? If so, what are your alternatives? I can suggest a couple
things. I'm old-fashioned and real fond of straight old HTML with text and
pictures and no frames, myself, but I've seen some very pretty sites that
use Flash, I must admit.
Are you looking for justification for having JavaScript turned off in your
browser? I usually run with JavaScript turned off. Security problems aren't
really the issue -- it's those damned pop-up windows. I hate them, and
turning off JavaScript makes them go away.
Typically, my browser has
JavaScript off, and if I come across some site that really needs it that I actually want to use, (often, my answer to a site saying it needs
JavaScript is to just go do something else) then I turn it on. Usually I
forget to turn it off until the next pop-up window comes up, angering me
again.
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
