On Sat, Jun 13, 2015 at 10:55:47AM -0600, jd1008 wrote: > The most offensive problems of using browsers is that > they do not tell you nor ask your permission when javascripts > spy on your entire storage contents. Huh? You've been misinformed. Certainly there have been exploits against browsers to bypass the sandbox, but this isn't the default configuration in any browser I know of. > I had asked a java developer at Sun Microsystems about > what Sun means when it says that Java runs in a sandbox? > Just what is the sandbox? > I also asked if browsers that execute javascripts are retricted > to this notion of a sandbox that does not leak out into > the rest of the system. > > He said the "sandbox" is the entire storage on your computer. Java != JavaScript. It's a common misconception. Perhaps that's why this java developer might have answered the way he did, although I'm fairly certain Java sandboxes can also be restricted (although I'm no Java developer) so they don't have access to the entire storage of your computer. Certainly, simple UNIX permissions prevent both Java and browsers from getting access to the *entire* storage on your computer, unless they're used to exploit some other vulnerability. If you're concerned about JavaScript, I suggest looking into the NoScript firefox extension. -- Jonathan Billings <billings@xxxxxxxxxx> _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos