Firefox security strategy
Jeffrey Creem
jeff at thecreems.com
Sun Jan 1 17:23:01 EST 2006
Ben Scott wrote:
>
>
> While I understand the sentiment very well, and indeed like and use
> that quote myself, the pragmatic part of my personality wants to step
> in and say, "That's all very well and good, but I'd really like to be
> able to read a newspaper without fear that the ads on the bottom are
> going to steal my wallet when I'm not looking". The needs of security
> are sometimes opposed to the desire for cleverness.
>
> In other words, maybe we're better off without some of the
> potentially clever things that could be done with
> JavaScript/Java/whatever, if it yielded a safer web.
>
>
We already have (almost) something that lets you read a newspaper
without some uber strong programming language
feature. It is called plain old HTML. Turn off all scripting and what
you are left with is still pretty capable (or would be if
sites stopped requiring scripting for even basic navigation).
Of course it is not snazzy enough and thus we get all of these things
like javascript and java.
Actually, javascript really is designed to be safe as well. It is not
designed to allow for some of the things people have asserted on this
thread.
It just so happens that all software is bad and the javascript
interpreters are no exception.
Actually, considering there have even been exploits that have been
caused by things as simple as displaying an image, I think we are all
pretty much just hosed.
More information about the gnhlug-discuss
mailing list