On Jan 31, 9:46 am, cancel bubble <[email protected]> wrote: > "My thesis is that the security situation with JavaScript is so poor that > the only solution is to kill it. End users have very little in the way of > protection against malicious JavaScript, major web sites suffer from XSS and > CSRF flaws, the language itself allows appalling security holes, and as data > moves to the cloud the 14 year old JavaScript security sandbox becomes more > and more irrelevant." > > Thoughts?
So much hot air. The article is nearly 18 months old, nothing has changed so its influence has been zero. It probably uses a sensationalist headline to attract traffic and promote his book. The biggest security issue related to the internet, by far, is phishing. The biggest on-line fraud is committed by advance fee fraud (aka "Nigerian prince/minister/whatever scam"). Both are based on e- mail and do not require the WWW, much less javascript. Javascript does have some security weaknesses, however they are related to its implementation, not the environment itself (which is, more or less, ECMAScript in a browser implementing the W3C DOM). -- Rob -- To view archived discussions from the original JSMentors Mailman list: http://www.mail-archive.com/[email protected]/ To search via a non-Google archive, visit here: http://www.mail-archive.com/[email protected]/ To unsubscribe from this group, send email to [email protected]
