- From: Albert Lunde <Albert-Lunde@nwu.edu>
- Date: Fri, 18 Oct 1996 12:11:58 -0500 (CDT)
- To: www-html@w3.org
> > I am not even gonna get into the security questions of JavaScript
> > except to note that this too is gonna be hard to ignore).
>
> Have there been security problems with JavaScript? I thought JavaScript
> was pretty innocuous, seeing as how it's just human-readable statements
> interpreted by the UA that only affect the display. Are you not
> thinking of Java programs?
There have been security problems with both. JavaScript is worse in
that it doesn't start with a security model; Java at least had
a good low-level security model, though the higher-level
"security manager" was an afterthought. Both Netscape (JavaScript)
and Microsoft (Word Macros, Win NT permissions) seem to
need to hire some more paranoid security review people ;)
--
Albert Lunde Albert-Lunde@nwu.edu
Received on Friday, 18 October 1996 13:12:03 UTC