Firefox security strategy

Jeffrey Creem jeff at thecreems.com
Sun Jan 1 17:23:01 EST 2006


Ben Scott wrote:

>
>
>  While I understand the sentiment very well, and indeed like and use
> that quote myself, the pragmatic part of my personality wants to step
> in and say, "That's all very well and good, but I'd really like to be
> able to read a newspaper without fear that the ads on the bottom are
> going to steal my wallet when I'm not looking".  The needs of security
> are sometimes opposed to the desire for cleverness.
>
>  In other words, maybe we're better off without some of the
> potentially clever things that could be done with
> JavaScript/Java/whatever, if it yielded a safer web.
>  
>

We already have (almost) something that lets you read a newspaper 
without some uber strong programming language
feature. It is called plain old HTML. Turn off all scripting and what 
you are left with is still pretty capable (or would be if
sites stopped requiring scripting for even basic navigation).

Of course it is not snazzy enough and thus we get all of these things 
like javascript and java.

Actually, javascript really is designed to be safe as well. It is not 
designed to allow for some of the things people have asserted on this 
thread.

It just so happens that all software is bad and the javascript 
interpreters are no exception.

Actually, considering there have even been exploits that have been 
caused by things as simple as displaying an image, I think we are all 
pretty much just hosed.







More information about the gnhlug-discuss mailing list