Re: Another Scripting Hole In Microsoft IE Exposes Local Files
From: Ken Hagan (K.Hagan@thermoteknix.co.uk)
Date: 01/04/02
From: "Ken Hagan" <K.Hagan@thermoteknix.co.uk> Date: Fri, 4 Jan 2002 10:13:56 -0000
"Wolfgang Schelongowski" <spamtrap@xivic.prima.de> wrote...
>
> Both JavaScript and ActiveX are known to be insecure by (lack of) design
> for *all* platforms, where they can be executed. It's been known for
> years that they are security risks.

For ActiveX this is uncontroversial, since native code is executed.
However, most of the scripting problems I see with IE seem to result from
the *extent* of the scripting object model. For example, IE seems to
let you do via scripting pretty much anything that you can do at the
command prompt.

Surely a browser that restricted scripts to performing calculations
and reading or re-writing the web pages that they were embedded in
would be fairly safe, no?

Such a system would not be very different from a properly sandboxed
Java host, and I've yet to hear anyone argue that the JVM is
"insecure by lack of design for all platforms".