Anthony G. Atkielski wrote:
Java, JavaScript and Flash all place such limits. In the JavaScript
case, it's our responsibility, in the Java case, it's Sun's, and in the
Flash case, it's Macromedia's.
No. The responsibility is with the browser author, who must provide
ways to disable potentially insecure content from potentially insecure
sources.
You're making exactly the same argument that Microsoft has made in the
past. I saw through it then, and I see through it now.
Sad but true; a promise made by another party
is something that can't be relied upon. For most
purposes it is reasonable to assume that this is
ok, but for security work, reliance on other parties
is problematic.
iang
If any of these people fail in their duty, then it's possible that
system security could be compromised. But if they don't, it isn't.
The problem is that most of us cannot afford to discover such
compromises the hard way. There has to be a way of preventing them from
ever occurring.
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
