[1524] in WWW Security List Archive
Re: JavaScript to grab email (fwd)
daemon@ATHENA.MIT.EDU (Robert S. Muhlestein)
Thu Feb 22 19:20:40 1996
Date: Thu, 22 Feb 1996 12:37:52 -0800 (PST)
From: "Robert S. Muhlestein" <robertm@teleport.com>
To: George Spafford <gspaff@execpc.com>
cc: "Daniel L. Smith" <dls@JavaJoint.com>, www-security@ns2.rutgers.edu
In-Reply-To: <2.2.32.19960222162140.003280e4@execpc.com>
Errors-To: owner-www-security@ns2.rutgers.edu
On Thu, 22 Feb 1996, George Spafford wrote:
> >From: Jyri Kaljundi <jk@digit.ee>
> >To: cypherpunks@toad.com
> >Subject: JavaScript to grab email
> >Date: Tue, 20 Feb 1996 16:33:21 +0200 (EET)
> >
> >Another annoying feature in JavaScript and Netscape. Have a look at
> ><http://www.popco.com/grabtest.html>
>
>
> Well, if you want to take an Orwellian perspective, a person could write a
> script in Java to access all kinds of information on the local drive(s),
> even take it a step further and gather information from all attached drives
> the host has rights to.
Have you done this? Has anyone else? "Hooked on Java" and all the other
info I get from Sun and others suggests local drive read and write access
is only available to "trusted" applets (presumably a future Netscape pref
setting). Do you have any proof to support your claim (besides the recent
posting about connecting to any host, which, I agree, is very scary).
Robert Muhlestein
Teleport Creative Services
CGI Guy
cgi@teleport.com
