begin  quoting [EMAIL PROTECTED] as of Sat, Dec 29, 2007 at 05:11:52PM -0800:
> On Sat, Dec 29, 2007 at 04:56:43PM -0800, SJS wrote:
> > If you're going to have 'em run untrusted programs as a way of life, why not
> > just have 'em download actual application programs?
> 
> First of all, I'm not sure if that is possible.  How sophisticated
> have Javascript client apps become?  Could you download and run
> say an entire tiny IM/IRC client app in your browser?

There are Java IRC applets out there all over the place.

So yes, you can.

Whether or not there's a Javascript one out there, I don't know, and I
don't really care.  Browsers don't have the right toolset yet.

> Even if that was possible, one downside would be that it would function
> like a "normal" IM/IRC app and require more ports than 80.  The web based
> hack may be more agreeable politically as it doesn't require any extra
> ports to be open.

It's not the ports that are the problem. "Port 80" isn't automatically
"safe", therefore, if you use port 80, your application will be "safe".
That's believing in magic.

If only port 80 is being allowed, then the policy in place is probably
"only web-pages allowed". The guardians at the edge of the network are
allowed to inspect all traffic, and shut down or modify those they do
not approve; they are allowed to enforce policy.

Have a problem? Change the policy. Getting around the policy is a
security breach, by definition.

-- 
Given my druthers, all firewalls would allow for filtering out of scripts.
Stewart Stremler


-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
