[nycphp-talk] javascript vulnerability
Jim Hendricks
jim at bizcomputinginc.com
Mon Jul 29 17:54:25 EDT 2002
Dan, sorry I didn't have the chance to meet you, I showed up a little late &
then had to scoot out as soon as the presentation was through.

Onto the JS vulnerability. This vulnerability must come from the server. I
still stick by JS as a valuable addition to the web experience. If you want
to have JS disabled to protect against hitting an untrusted site then fine,
that doesn't mean I shouldn't use JS in my web apps. You can always check a
vendor out to find out if they are what you would consider reputable. If
so, add them to your trusted list & have JS enabled in your trusted list.

Today's business is a lot more savvy to the ways of the web and when they see
functionality on a web site that they want on theirs, throwing security up
as an excuse not to do it doesn't work anymore. When they can find this
functionality on large reputable sites they consider that the security
issues must not be so great and that you are just being the purveyor of doom
and gloom. I still take the position that if my client wants it and I can
code it, then they will get it. They will get my standard warning about the
potential insecurity, but the final decision is theirs. If they should
lose business because too many of their potential customers have JS
disabled, then the burden is on them since they decided to forego my
warning. If they should find themselves under attack, once again, the
burden is on them.

Jim

----- Original Message -----
From: "Analysis & Solutions" <danielc at analysisandsolutions.com>
To: "NYPHP Talk" <talk at nyphp.org>
Sent: Monday, July 29, 2002 3:34 PM
Subject: [nycphp-talk] javascript vulnerability
> Hi Folks:
>
> Nice meeting some of you last week. Security Focus' latest weekly
> contains a notice about a JavaScript vulnerability. In some ways, it's
> just another incantation of prior problems.
>
> http://www.securityfocus.com/bid/5290
>
> Anyway, it's a good reason to keep JS off in your browser. And another
> good reason not to rely on it on your websites.
>
> Enjoy,
>
> --Dan
>
> --
> PHP classes that make web design easier
> SQL Solution | Layout Solution | Form Solution
> sqlsolution.info | layoutsolution.info | formsolution.info
> T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
> 4015 7 Av #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409