The whole point though is that running or not running script on sites you trust is not sufficient. E.g. you may trust myfavoritesite.com to run script, but then tomorrow it gets hacked and starts including malicious javascript. This is something that Safe Browsing (the anti-malware protection built into Google Chrome) can help with, but is not something that would be stopped if you say "I trust myfavoritesite.com to run script". People are hacking sites you trust and that you visit. That's how they get infections. They're not trying to hack sites that nobody visits. This is not something that I think would be a useful feature from a security perspective.
On Tue, Sep 16, 2008 at 1:08 PM, gbob <[EMAIL PROTECTED]> wrote: > > You say, "Wouldn't that just be like Mozilla Firefox + NoScript?". > No, as safe as IE6 with prompt for scripts and having a trusted sites > list. Automatically run scripts on sites YOU trust and examine all > others deciding on a site-per-site basis which you'll give permission > to run scripts. Thanks. > > On Sep 16, 5:38 am, "Alwin Garside" <[EMAIL PROTECTED]> wrote: > > Wouldn't that just be like Mozilla Firefox + NoScript? > > > > > > > > On Mon, Sep 15, 2008 at 11:35 PM, gbob <[EMAIL PROTECTED]> wrote: > > > > > Allowing the user to set the browser security to allow them to set it > > > to ask for permission to run any scripts (Java, Javascript, etc.) and > > > to have a trusted sites list similar to the way IE works. > > > > > On Sep 15, 7:29 pm, "Ian Fette" <[EMAIL PROTECTED]> wrote: > > >> I'm not sure what the ask here is. We don't allow active-x to run. > > > > >> On Mon, Sep 15, 2008 at 7:23 PM, gbob <[EMAIL PROTECTED]> wrote: > > > > >> > Hello: I currently use only IE 6 (I know, I know) because it has one > > >> > of the most important security features that has prevented a number > of > > >> > infections recently. I have three separate OS partitions with XP on > > >> > each. One is used for my non-web work with ALL data and most > programs > > >> > on another drive. Another is used for my normal Web work and has NO > > >> > connection to ANY data; documents, projects, etc. And the last is a > > >> > test partition setup the same way, to test security where I take > more > > >> > risks. So, on my test partition, in the last month, I was infested > > >> > twice by a number of malware programs that got through all > (numerous) > > >> > defenses. My normal web partition is setup slightly differently. I > > >> > use only IE and have ActiveX and scripts set to "Prompt" and add > only > > >> > a few sites I trust to the trusted sites list. Even the trusted > sites > > >> > prompt for permission when scripts from other sites are executed at > > >> > that site (and I say no, which works fine). It has NEVER been > > >> > infected. It's a pain, I know, but it's MUCH safer and would be > great > > >> > if Chrome had the same so it was at least as secure IE in that > > >> > respect. I'll use Chrome for regular web access when it has it. > > >> > Thanks. > > > > >> > May or may not apply... > > >> > See:http://www.darkreading.com/document.asp?doc_id=162515 > > >> > Report: Popular Web Attacks Go Stealth > > > > -- > > Alwin "Yogarine" Garside > > Development Lead > > LinFox Serviços de Informatica LTDA.http://www.linfox.com.br > > Phone: +55 (0xx)83 3333-9084 > > Mobile: +55 (0xx)83 91275361 > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/chromium-dev?hl=en -~----------~----~----~----~------~----~------~--~---
