On Wed, 12 Mar 2003 09:12:13 GMT, Richard Martin said: > Security is the browser's responsibility. You cannot blame a language > for insecure implementations of it. (You *can* blame for trying to be > too much like Java whilst discarding type-safety, using a different > inheritance model etc. -- but that is another story.)
And does this mean that security is the desktop's responsibility? Or
that you can't blame E for allowing leaky Flash plugins?
Note that I don't have a problem with the *concept* of plugins. It was
the choice of a particularly egregious offender that pushed my button,
although the concept of *scriptable* plugins has lots of security uglies.
I don't think you *can* make Javascript secure - its basic security model
is just so fucked - so yeah, I'm blaming JS for discarding type safety
and having a b0rken inheritance model, etc etc. ;)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
pgp00000.pgp
Description: PGP signature
