d.haslam at ukonline.co.uk
Mon Feb 23 08:22:29 MST 2009
Having scripting permanently switched on is considered by some
security-conscious users as a security risk for drive-by malware infections.
This has been discussed in some depth in various episodes of the weekly
Security Now! podcasts hosted at grc.com (http://grc.com/).
One solution that has been recommended from time to time is a Firefox add-on
called NoScript (http://noscript.net/).
Having said that, it is true that many online banking and commerce sites use
transactions are secure.
Many webmail or groupware clients such as the Horde (http://www.horde.org/)
The main point to address if we move to using scripting is to ensure that
the programming does not become vulnerable to XSS exploits
(http://en.wikipedia.org/wiki/Cross-site_scripting).
Peter von Kaehne wrote:
> Just to get some feedback here :
> is then done on the server.
> probably require to dump the ability to turn JS off unless we want to
> duplicate lots and lots of code.
> A few years back it seems this would have been a huge issue, but now I
> find that every other site is using AJAX to their heart's content without
> people complaining about it anymore.
> We will package the existing site as a release after fixing the last
> few bugs of which we are aware, so that those who want/need a swordweb
> without AJAX can get it.
> So, my question is - would you feel this is a bad move?