On Sat, Aug 10, 2013 at 09:43:03 -0400, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote:
> This ship has sailed. In fact, it has sailed out of the harbor, across the ocean, to the remote isles, and brought back a collection of valuable trade goods. The web today depends on JavaScript, and client-side scripting brings so much of what makes it actually useful that the idea of going back to entirely server-based scripting is a non-starter. The security answer here isn't going back to the web of the 90s. It's using modern container and security policy systems to contain the risk.
It is a very hard problem to get right, particularly if you want to share some, but not all, data between remote applications. So far this approach hasn't worked all that well. JS has way too much access. Even Java, which was designed as a sandbox from the start, has had a lot of bugs letting hostile code reach out of the sandbox.
My feeling is the reason JS is popular is precisely because it is so easy to violate users' privacy and commercial sites have a lot of incentive to abuse that ability. So most likely things won't go back.
A better solution for the users would be to have complex applications like games run in a sandbox (such as Java) and web sites just providing or collecting information just use HTML and CSS. And it should be made obvious when web sites are delivering an application so that people can decide whether or not they want to risk that.
Just because a lot of people are doing something one feels is wrong, doesn't mean you have to silently accept it. (Though you do need to decide which battles are worth fighting.)