On 2017-03-16 13:07, Karoly Balogh (Charlie/SGR) wrote: > Yes, but it is important to know there's a difference with Java Applets, > Flash and Silverlight - WebAssembly is not a plugin. It runs in the same > VM which runs everything Javascript in the browser. So the browser vendors > have full control on the code which runs there.
And this brings me to my next worry. As far as I understand, WebAssembly is C (for now - other languages to follow) compiled into WebAssembly bytecode. So now we have C code with all its pointer access, buffer overflow issues etc running in the web browser space - at least Java Applets were a lot safer in that regards, and Java Applets require explicit signed executables and granted permission by the end-user (per app, per domain etc). WebAssembly just runs - no questions asked. Then we have the issue of code being obfuscated when compiled into bytecode. So now it is even harder to detect malicious code. The more I look at this, the more of a nightmare (security wise) WebAssembly looks. Now we will have a cross-platform incubator for malicious viruses, free to run in the web browser space, access to low-level hardware, and all without explicit asking for or being granted permission to run (ie: like Java Applets). It seems I am not alone in thinking this way. Just read the comments posted at the link listed in the first message of this thread. Regards, Graeme _______________________________________________ fpc-pascal maillist - fpc-pascal@lists.freepascal.org http://lists.freepascal.org/cgi-bin/mailman/listinfo/fpc-pascal