On 07/02/2011 05:34 PM, Ed Greshko wrote:
On 07/03/2011 07:45 AM, JD wrote:
Why do you resort to name calling? It is not hysterics. A javascript sent by a web site can, if written to do so, open your files and upload them to some remote site; and you call this hysterics? Something is wrong with your thinking to resort to name calling. I think users' awareness, that javascripts are indeed invasive and a great threat to privacy, needs to be raised. Most users are unaware of this threat.
Let's put it a different way then.....
Turn off javascript in your Browser for a day and see how your Internet experience is affected. Then consider for a moment your statement that "javascripts are indeed invasive and a great threat to privacy, needs to be raised. Most users are unaware of this threat" in relationship to how long javascript has been in use and how widely it is used as well as your current level of familiarity with javascript.
If javascript is as great a threat as you seem to think, then wouldn't you think there would be a concerted effort to fix the problem? Don't you think that by now people with much more experience would be raising the alarms?
FWIW, I've found that one of the biggest mistakes I've made in the past is to come to conclusions based on observations when I was ignorant of the underlying theory/principles/subject.
If you are interested in learning more, maybe you should start by picking up a copy of http://oreilly.com/catalog/9780596000486
Thanx Ed. I may not be a javascript expert. But here is a tiny tip of the problem:
An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications http://cseweb.ucsd.edu/~lerner/papers/ccs10-jsc.pdf
JavaScript Scope and IntenseDebate's Privacy Problems http://www.mavitunasecurity.com/blog/javascript-scope-and-intensedebates-pri...
"...JavaScript has a more troubling history of security holes...." http://www.w3.org/Security/Faq/wwwsf2.html
Quote: "...Javascript is a client language, but you can combine it with a server language to delete files. In PHP you can use unlink() function to delete file. ..." http://digitarald.de/forums/topic.php?id=110