On Sun, 06 Jul 2014 12:23:35 -0400, Arne Vajhøj wrote:
> On 7/3/2014 9:01 AM, w.tom.adams@gmail.com wrote:
>> On Wednesday, July 2, 2014 11:00:56 PM UTC-4, Eric Sosman wrote:
>>> I permit JavaScript, use "click to run" for Flash, and
>>> don't even install Silverlight.[*]
>>
>> One question I have is this: Why is JavaScript not as vulnerable as Java Applets?
>
> In recent years Java applets have had more and more serious security
> vulnerabilities.
>
> But various JavaScript implementations have also had numerous security
> vulnerabilities.
>
> The entire "run code in browser" idea is hard to keep 100% secure.

To be fair, that's kind of a weird expectation in the first place. People
find it entirely reasonable to just download opaque .exe files and run them
from any website that looks even remotely respectable, but if that website
were to ask them if it was ok to maybe for a minute run some sandboxed Java
code, they'd freak out.
In fact, I used to host a game through Java Webstart, and the #1 support
question was something along the lines of "I heard Java was insecure,
can't you give me an exe file to download". People are idiots.
produce bigger and better idiots. So far, the Universe is winning."