RE: techport80


On 17 Sep 2002 Kat wrote:

>>"Current" is not always good, see the latest Java security report on
>>http://www.vnunet.com/News/1134931 If you have IE 6.x it may be a bit
>>harder to disable Java, since MS has taken away many of those settings
>>which allow you to close the backdoors and loopholes. Javascript is
>>even worse. Do you want to show webpages, or do
>>you want people to open up their computers to any ole script kiddie?
>>If you require me to breach security on my computers to see your
>>webpages, let me assure you it's not worth it.
>>
>>Kat

Thanks for posting the article on Java security. Very informative. I
would like to point out a few key points about that article and that web
page though. Also I agree with you in the fact that newer isn't always
better. Further, I would like to state that JavaScript is used
sparingly on my website and that you can read anything on my site should
you choose to turn JavaScript off. I'm a professional web developer and
would never 'require' you to breach security on your computer to read my
website. The article you pointed to states that Java, shipped with the
latest versions of IE, has known security flaws. And according to the
article these flaws are very serious. But if you make it to the bottom
of the article, it points out 2 important facts. First, the JVM in
question is a Microsoft 'modified' version of the JVM and not the
official Sun version. Secondly, what the article doesn't state is that
the latest IE browsers are shipping the antiquated JVM version 1.1.4
(for more info go to http://zdnet.com.com/2100-1104-937059.html). The
latest version 1.4.x by Sun does not have the security flaws mentioned in
the article you referred to. For that matter, neither did Sun's
version of Java shipped way back then. I don't use any Java on my
website though. But the reason for that is that there is no way for me
to know in advance what (if any) version of Java the browser is using.
This sad fact is quite unfortunate because Java (by Sun) is a truly
great product.

You stated that you feel that "JavaScript is even worse." Worse?? Worse 
than what??  JavaScript is safe.  There is very little you can do with 
JavaScript, as a standalone tool, that is not what it was intended to 
do.  When combined with other tools, JavaScript poses a little more of a 
risk, but that risk is minimal.  If you know something contrary to what 
I'm stating here, please point me to your resources so that I can 
further investigate this matter.  In the meantime, allow me to post a 
link back to a website I know you trust. 

http://www.vnunet.com/News/1132579
http://www.vnunet.com/News/1131845
http://www.vnunet.com/News/1133109

The above three links go a long way in pointing to the real security 
issues a web surfer faces.  And I can assure you, Kat, that these 
articles are not pointing to CSS, W3C DOM, JavaScript, or 
http://www.techport80.com for security related issues.

Ron_W
