On 12/29/05, Kevin D. Clark <[EMAIL PROTECTED]> wrote:
> So do you like a security model or not? To me you're sending mixed
> signals here. To me, a system that is designed from the ground up with
> security in mind has a security model.
What I'm trying to get at (albeit not clearly) is that t
On 12/30/05, Tom Buskey <[EMAIL PROTECTED]> wrote:
On 12/29/05, Thomas Charron <[EMAIL PROTECTED]
> wrote:
On 12/29/05, Bill McGonigle <
[EMAIL PROTECTED]> wrote:
the software changes over time. People DON'T spend their time going to a several month audit, and find each and every exploit. Th
On 12/29/05, Thomas Charron <[EMAIL PROTECTED]> wrote:
On 12/29/05, Bill McGonigle <
[EMAIL PROTECTED]> wrote:
catastrophic bug. Guess which one has a zero-day exploit today for the
same thing that was supposedly patched in the past few months?
Oh! Oh! I Know! FIREFOX! Exploits are going
On 12/29/05, Bill McGonigle <[EMAIL PROTECTED]> wrote:
catastrophic bug. Guess which one has a zero-day exploit today for thesame thing that was supposedly patched in the past few months?
Oh! Oh! I Know! FIREFOX!
http://www.frsirt.com/exploits/20051212.fireburn.php
http://www.eweek.com/a
On Dec 29, 2005, at 16:04, Ben Scott wrote:
Then again, I don't really *know* anything about Firefox's
internals; I've just read blurbs and articles here and there. Maybe
most of what I want is already there.
Firefox does have some limitations on JavaScript. For instance, I
recently read
Ben Scott writes:
> To some extent, but not completely. Certainly, at one point in it's
> history, Java was being sold as an ideal "sandbox" for things like
> client-side intelligence in web pages.[1] However, it was still
> designed around the idea of a general-purpose programming language
>
On 12/29/05, Kevin D. Clark <[EMAIL PROTECTED]> wrote:
>> JavaScript should have been designed ... such that it
>> doesn't even have the capability to do risky things.
>
> To me, you just described Java, but that's another thing entirely.
To some extent, but not completely. Certainly, at one po
Ben Scott writes:
> I'm not against all client-side scripting. I just think a web page
> should be limited to mucking around with itself only, and not be
> allowed to modify the window around it, or my system, or
> what-have-you. What those particular things I posted do is prevent
> web page
On 12/29/05, Bill McGonigle <[EMAIL PROTECTED]> wrote:
> ... Check out NoScript ...
On 12/29/05, Kevin D. Clark <[EMAIL PROTECTED]> wrote:
> JavaScript can be grubby, but it also enables things like AJAX, which
> can be genuinely useful/neat.
Heh. I was wondering if this would happen. :)
I
