Abouut 10-15 years ago (or perhaps up to as recent as 6-7 years ago), I remember people saying JavaScript was insecure and couldn't be trusted and that people should just disable JavaScript in their web browser. These days, however, many sites and web-based software rely on JavaScript, and without JavaScript, they just wouldn't work. Makes me wonder what has changed? I like JavaScript, and there's lots of cool stuff you can do with it, so it's hard to imagine turning it off, particularly with the plethora of web-based software that relies on it now. Why do web browsers even still provide an option to disable JavaScript?

Nightfox

Re: JavaScript security
By: Nightfox to All on Tue Apr 12 2011 17:55:44

Abouut 10-15 years ago (or perhaps up to as recent as 6-7 years ago), I remember people saying JavaScript was insecure and couldn't be trusted and t people should just disable JavaScript in their web browser. These days, however, many sites and web-based software rely on JavaScript, and without JavaScript, they just wouldn't work. Makes me wonder what has changed? I l JavaScript, and there's lots of cool stuff you can do with it, so it's hard imagine turning it off, particularly with the plethora of web-based software that relies on it now. Why do web browsers even still provide an option to disable JavaScript?

Nightfox

Generally the best bet seems to be to use firefox + the noscript extension,
so you get to pick what javascript (or at least what hosts with javascript) actually winds up running. Because javascript is still often insecure.

cykros


---
■ Synchronet ■ [ENT] aNNo 2081 UHQ * CRO BBS WHQ * FLT AMiGA NZHQ * FOOD WHQ [ENT]

Re: JavaScript security
By: Cykros to Nightfox on Fri Apr 15 2011 11:45:34

Generally the best bet seems to be to use firefox + the noscript extension, so you get to pick what javascript (or at least what hosts with javascript) actually winds up running. Because javascript is still often insecure.

Ah, interesting.. I was just curious what people think these days.

Nightfox

On 4/12/2011 5:55 PM, Nightfox wrote:

Abouut 10-15 years ago (or perhaps up to as recent as 6-7 years ago), I remember people saying JavaScript was insecure and couldn't be trusted and that
people should just disable JavaScript in their web browser. These days, however, many sites and web-based software rely on JavaScript, and without JavaScript, they just wouldn't work. Makes me wonder what has changed? I like
JavaScript, and there's lots of cool stuff you can do with it, so it's hard to
imagine turning it off, particularly with the plethora of web-based software that relies on it now. Why do web browsers even still provide an option to disable JavaScript?

10-15 years ago people were saying you could get a virus unless you disabled cookies in your browser too. It is one area modern browsers have put a lot of energy into preventing security issues via JS directly.

Flash was always a far bigger hole than JS as far as security went, in Flash7 you could get filesystem access... though Flash has gotten better... Adobe Reader and Java are bigger targets now than anything else.

--
Michael J. Ryan - http://tracker1.info/

---
■ Synchronet ■ Roughneck BBS - telnet://roughneckbbs.com - www.roughneckbbs.com