On Thu, Jun 2, 2022 at 5:21 PM Raul Miller <[email protected]> wrote:
> On Tue, May 31, 2022 at 7:57 PM 'robert therriault' via Programming
> <[email protected]> wrote:
> > 1) The functionality of the J Playground is increasing and this allows
> > it to be used in a wider range of situations within the wiki, especially
> > with the inclusion of add-ons available through the interface. Use of the
> > playground will benefit from labs or video demos to provide access to the
> > full functionality. Security issues are most likely to be through
> > infiltration into the community and gaining trust to create malicious code
> > within the wiki or the J playground. We will need to be aware of this as
> > the community grows.
>
> After thinking about this:
>
> Note that the context here was "j specific hacks". As long as we are a
> small group of people, we are not particularly interesting in the
> context of any major conflicts.
>
> That said, we have no special immunity to problems of the larger
> group(s) which we belong to. (For example, the wasm J implementation
> would still be vulnerable to generic wasm problems. And, these are
> likely to crop up as web assembly becomes more widely deployed and
> used.)
>

I saw this note about security issues and meant to google it. Your reply reminded me to do it to confirm my suspicions...

https://webassembly.org/docs/security/

Security concerns differ across individuals. I know a small number of people who browse the web with JavaScript disabled because they don't trust the browser sandbox (somewhat for good reason depending on what websites a person goes to)... It was certainly a good decision a decade ago when everything ran as privileged.

I follow somewhat of the thinking of looking at security through the lens of "likelihood and impact"[1].

My personal take is that the likelihood is extremely low that someone would target the J community and the resulting impact is hard to guess as to the level of exploit of the browser sandbox.

For me, I have a relatively high level of trust in the browser sandbox so I'm not worried about the security of the J playground. Each person has their own take on this though.

Hope this helps add another perspective.

1 - https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/nist800-30.pdf

----------------------------------------------------------------------
For information about J forums see http://www.jsoftware.com/forums.htm
