Wednesday, March 30th, 2005

JavaScript Security Concerns

Category: JavaScript

Michael Moncur has spoken about the security concerns around GreaseMonkey.

I understand that people get concerned when they think of scripts running wild on their system.

However, like Michael, I also find it ironic that many of the same people are 100% OK with installing Firefox extensions, or grabbing the latest Cool Toy from the internet.

There are simple rules:

If you want to be safe. Install nothing.

If you want to install cool features, you have to trust where it came from.

Posted by Dion Almaer at 10:38 am

8 Comments »

If those rules were true, then software development would be much further behind than it is. The middle road between those two rules is: install (trusted) stuff that enforces a security model, then run cool features within the security model.

This isn’t new; AT&T and BSD Unix did it. Java has a security manager class. DHTML has a security model.

None of them are great. DHTML lets you upload data to servers, Java fixes that but lets scripts consume all your RAM and CPU, and so on.

And yep, install a Mozilla extension on your Windows box, and you ain’t using a security model at all.

Funny, I was musing about this yesterday ( http://ajaxredux.com/forum/stories.php?story=05/03/31/6717948 ) … I wonder if a good popular security model will emerge, or if instead web developers only write good apps for the sloppier insecure models. There’s definitely precedent…

-trav

Comment by Travis Wilson — April 1, 2005

http://www.greenlush.com website

Comment by Jason — January 9, 2007

Installing Firefox extensions is safe

Comment by Maldives — May 19, 2007

“If you want to be safe. Install nothing.

If you want to install cool features, you have to trust where it came from.”

Superb

Comment by atshya — August 9, 2007

What do you know…A widget is always bound to an HTML element. This will typically be a div, but can really be anything (depending on the widget). We take the Dojo approach of leveraging custom attributes in order to do all of the wiring

Gee, interesting… I need to go walk the dog… later, bud!

Comment by Friendly dog — October 6, 2007

Indeed Beauty is in the eye of the beholder… a little help from nature won't hurt either. Natural products for a beautiful you ladies

Comment by naturalbeauty online — October 25, 2007

Some Firefox plugins are worth using; that’s why many people are abusing them

Comment by mountlaurel — March 1, 2008

Interesting

Comment by jarvez — December 14, 2009
