On Thursday 29 August 2002 19:29, Rod Roark wrote:
> What you can do is quit your web browser and restart it
> again just before accessing a trusted site (e.g. your
> accounting system).

Mh, well, no, you'd have to quit your browser if you LEAVE your accounting 
system, too. SQL ledger carries the password in the URLs it uses and there 
have been malicious JS scripts which managed to access the URLs stored in the 
browser's history list with some browser versions.
Even more easily the current URL containing the password could be 
accidentally passed to the site you visit after leaving the accounting 
system as the referer URL with a buggy browser.
Additionally there were some scripts which could read data from known files 
on disk so keep valuable data away from JS enabled browsers if you're really 
paranoid. ;)

However with a correct JS and browser implementation all this should be 
impossible. Browsers like Mozilla / Netscape 4/6/7 have been extensively 
audited AFAIK and are believed to be quite secure while IE is known to have a 
bunch of security bugs left. Browsers like Konqueror (which I'm using), 
Opera, iCab and Co. are not that commonly used and probably have not been 
examined that closely, so I would not trust their security too much. 
Konqueror just had a bug discovered in its SSL implementation. (The bug in 
Konqueror had been fixed within 3 days after being announced while IE which 
has the same bug still carries it... ;)  I trust it that much, however, that 
I use Konqueror for managing my private bank account.)

Greetinx,

  Gunter Ohrner

-- 
Most alchemists were nervous, in any case; it came from not knowing what the 
crucible of bubbling stuff they were experimenting with was going to do next.        
-- (Terry Pratchett, Moving Pictures)
-+-+-+-+-+- PDEPP Webserver:  http://pdepp.SourceForge.net/ -+-+-+-+-+-
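
The Referer leak described in this message can be checked for on the server side. The following is an added example, not part of the original mail and not SQL-Ledger code: it scans combined-format access log lines for credentials carried in request URLs or Referer fields and returns them redacted. The parameter names, the `/ledger/app.pl` path and the log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed parameter names; the message does not say which one the application uses.
SENSITIVE = {"password", "passwd", "pass", "pwd"}

# Combined log format: ... "METHOD target PROTO" status size "referer" "agent"
LINE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')

def redact(url):
    """Return (redacted_url, sensitive_param_names_found) for one URL."""
    parts = urlsplit(url)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    if not found:
        return url, []
    return urlunsplit(parts._replace(query=urlencode(pairs))), found

def scan(lines):
    """Return (line_no, field, params, redacted_url) for each credential seen in a URL."""
    findings = []
    for no, line in enumerate(lines, 1):
        m = LINE.search(line)
        if not m:
            continue  # not a combined-format line
        # "target" = our own app puts secrets in URLs; "referer" = a browser
        # carried another site's credential-bearing URL to this server.
        for field in ("target", "referer"):
            clean, found = redact(m.group(field))
            if found:
                findings.append((no, field, found, clean))
    return findings

# Constructed sample log lines (not from a real server).
SAMPLE = [
    '192.0.2.10 - - [29/Aug/2002:19:30:01 +0200] "GET /ledger/app.pl?login=demo&password=s3cret&path=bin HTTP/1.0" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [29/Aug/2002:19:31:10 +0200] "GET /index.html HTTP/1.0" 200 1024 "http://ledger.example/ledger/app.pl?login=demo&password=s3cret" "Mozilla/5.0"',
    '192.0.2.11 - - [29/Aug/2002:19:32:00 +0200] "GET /about.html HTTP/1.0" 200 300 "http://www.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding in the `referer` field means the log itself now holds someone's password, so the redacted form is what should be stored or forwarded.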


