[3952] in WWW Security List Archive
Javascript and Security
daemon@ATHENA.MIT.EDU (Ocean5)
Sat Jan 11 02:15:02 1997
Date: Fri, 10 Jan 1997 21:36:43 -0800
From: Ocean5 <ocean5@ix.netcom.com>
Reply-To: ocean5@ix.netcom.com
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
>| WEB SPOOFING IS NO JOKE
>| Researchers at Princeton University have released a paper documenting ways
>| that nefarious crackers could dupe unwitting Web browsers into divulging
>| personal information,
<<< SNIP>>>
>| The researchers suggest that Web surfers take the following
>| precautions: disabling JavaScript in their Web browsing software; keeping
>| an eye on the software's location line, to ensure they know where they are;
>| and paying close attention to the addresses they visit. (Chronicle of
>| Higher Education 10 Jan 97 A25)
>| < http://www.cs.princeton.edu/sip/pub/spoofing.html >
The clip above speaks about disabling JavaScript. This is hyped a lot
as being the "thing" to do if you're worried about security while on the
web. I wonder though if the security holes that can be "closed" on a
browser by disabling JavaScript on the client, can be reopened if the
Script is run on the server? Like on a Netscape Server using the
Livewire environment...?
Disable JavaScript if you will, but it's a pretty helpful bit of
technology at times. It seems a big trade, to lose the functionality
of this Scripting language for the sake of "security". Esp. when
there's so many other ways to get my info, if a hacker really wants it.
My $.02...
Any help with the Server side scripting question is appreciated.
Tim Chandler
SurfCheck
World Internet Surf Reports
http://www.surfcheck.com
http://www.surfcams.com