Re: Browser security questions
From: David Dorward (dorward_at_yahoo.com)
Date: 04/06/05
- Next message: Colin McKinnon: "Re: Browser security questions"
- Previous message: General Schvantzkoph: "Browser security questions"
- In reply to: General Schvantzkoph: "Browser security questions"
- Next in thread: Colin McKinnon: "Re: Browser security questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 06 Apr 2005 19:19:39 +0100
General Schvantzkoph wrote:
> 1) Can a cookie that is generated by one website be read by another?
> Cookies are used to store all sorts of sensitive information, is it
> possible for a rogue website to search through the cookies on your system
> to find things like passwords?
Not in theory. Sometimes security problems are uncovered in browsers though.
> 2) What limits are placed on what Java and Java Script can access?. Can
> they read anything that is readable by the user or are they limited to a
> sandbox of some sort? Can they read the browser's passwords file? Can they
> read arbitrary cookies?
They are sandboxed, although Java Applets can request permission to access
things that are normally forbidden to them.
In a web context, JavaScript can access the current document, cookies for
the current host and other documents in frames or popups on the same host.
-- David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/> Home is where the ~/.bashrc is
- Next message: Colin McKinnon: "Re: Browser security questions"
- Previous message: General Schvantzkoph: "Browser security questions"
- In reply to: General Schvantzkoph: "Browser security questions"
- Next in thread: Colin McKinnon: "Re: Browser security questions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
