On 07/02/2011 05:34 PM, Ed Greshko wrote:
> On 07/03/2011 07:45 AM, JD wrote:
>> Why do you resort to name calling?
>> It is not hysterics.
>> A javascript sent by a web site can, if written
>> to do so, open your files and upload them to
>> some remote site; and you call this hysterics?
>> Something is wrong with your thinking to resort
>> to name calling.
>> I think users' awareness, that javascripts are indeed
>> invasive and a great threat to privacy, needs to be
>> raised. Most users are unaware of this threat.
>>
> Let's put it a different way then.....
>
> Turn off javascript in your Browser for a day and see how your Internet
> experience is affected. Then consider for a moment your statement that
> "javascripts are indeed invasive and a great threat to privacy, needs to
> be raised. Most users are unaware of this threat" in relationship to how
> long javascript has been in use and how widely it is used as well as
> your current level of familiarity with javascript.
>
> If javascript is as great a threat as you seem to think, then wouldn't
> you think there would be a concerted effort to fix the problem? Don't
> you think that by now people with much more experience would be raising
> the alarms?
>
> FWIW, I've found that one of the biggest mistakes I've made in the past
> is to come to conclusions based on observations when I was ignorant of
> the underlying theory/principles/subject.
>
> If you are interested in learning more, maybe you should start by
> picking up a copy of http://oreilly.com/catalog/9780596000486

Thanx Ed. I may not be a javascript expert.
But here is a tiny tip of the problem:

An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications
http://cseweb.ucsd.edu/~lerner/papers/ccs10-jsc.pdf

JavaScript Scope and IntenseDebate's Privacy Problems
http://www.mavitunasecurity.com/blog/javascript-scope-and-intensedebates-privacy-problems/

"...JavaScript has a more troubling history of security holes...."
http://www.w3.org/Security/Faq/wwwsf2.html

Quote:
"...Javascript is a client language, but you can combine it with a server language to delete files. In PHP you can use unlink() function to delete file. ..."
http://digitarald.de/forums/topic.php?id=110