[3966] in WWW Security List Archive
Re: Javascript and Security
daemon@ATHENA.MIT.EDU (David M. Chess)
Mon Jan 13 13:40:22 1997
Date: Mon, 13 Jan 97 10:00:42 EST
From: "David M. Chess" <CHESS@watson.ibm.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> The clip above speaks about disabling JavaScript. This is hyped a lot
> as being the "thing" to do if you're worried about security while on the
> web.
The reason they recommend disabling JavaScript in this particular
case is that a JavaScript program can cause the browser to lie
to the user about the URL of the site he's currently visiting.
So they're not just making knee-jerk blanket statements, they're
addressing a particular specific security concern. The SIP fellers
are pretty good! You can generally assume that anything they
say is content, not hype.
Of course, if you care more about function than security, you
can set your system up however you like...
- -- -
David M. Chess | Each one
High Integrity Computing Lab | individually twisted!
IBM Watson Research |