Stewart Stremler wrote:
> begin quoting James G. Sack (jim) as of Fri, Dec 01, 2006 at 12:36:17PM -0800:
>> Today's /. has a useful reference to "Myth-Busting AJAX (In)security"
>>
>> http://www.whitehatsec.com/home/resources/articles/files/myth_busting_ajax_insecurity.html
>>
>> My bottom line paraphrasal:
>> it doesn't make things any worse than javascript and http itself.
>
> My take was that AJAX doesn't introduce any _new_ security problems.
>
> Aside from training users to leave Javascript enabled by default, and
> to avoid using tools like NoScript or Muffin.
>
No arguments. Although I believe javascript will probably not go away
(_hopefully_, security [and annoyance] risks will diminish with time --
wishfully?).

Thanks for mentioning NoScript and Muffin. I found the following pages
  http://www.noscript.net/whats
  http://muffin.doit.org/
which do look interesting.

BTW, the author of the original article has a blog and evidently some
respect in the security world. One interesting post is
  Browser Port Scanning without JavaScript
  http://jeremiahgrossman.blogspot.com/2006/11/browser-port-scanning-without.html

Regards,
..jim

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
