The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
I just read an article in a newspaper - I think it was the Guardian - that was about JavaScript being put to bad use.
It claimed that JavaScript can be used to change your registry, and some sites used it to permanently change your homepage, so that even when you edit it, it still returns to the one they set after reboot!
Surely this is a load of crap??
I know JavaScript can be used to make pop up windows, minimise windows, bring up a new window after you close one by using 'onUnload', write cookies, or even automatically add a site to your favourites in some versions of IE... but I've never heard it's so insecure that you can change someone's registry!!
And even if it did change your homepage registry setting, surely that's exactly what changing your homepage manually does - after all, the registry is where it *stores* that setting. So how could it permanently change it? The change would just be overwritten!
Someone tell me they were talking rubbish. Please :-)
It claimed that JavaScript can be used to change your registry, and some sites used it to permanently change your homepage, so that even when you edit it, it still returns to the one they set after reboot!
Surely this is a load of crap??
I know JavaScript can be used to make pop up windows, minimise windows, bring up a new window after you close one by using 'onUnload', write cookies, or even automatically add a site to your favourites in some versions of IE... but I've never heard it's so insecure that you can change someone's registry!!
And even if it did change your homepage registry setting, surely that's exactly what changing your homepage manually does - after all, the registry is where it *stores* that setting. So how could it permanently change it? The change would just be overwritten!
Someone tell me they were talking rubbish. Please :-)
I just read an article in a newspaper - I think it was the Guardian - that was about JavaScript being put to bad use.
It claimed that JavaScript can be used to change your registry, and some sites used it to permanently change your homepage, so that even when you edit it, it still returns to the one they set after reboot!
Surely this is a load of crap??
I know JavaScript can be used to make pop up windows, minimise windows, bring up a new window after you close one by using 'onUnload', write cookies, or even automatically add a site to your favourites in some versions of IE... but I've never heard it's so insecure that you can change someone's registry!!
And even if it did change your homepage registry setting, surely that's exactly what changing your homepage manually does - after all, the registry is where it *stores* that setting. So how could it permanently change it? The change would just be overwritten!
Someone tell me they were talking rubbish. Please :-)
It claimed that JavaScript can be used to change your registry, and some sites used it to permanently change your homepage, so that even when you edit it, it still returns to the one they set after reboot!
Surely this is a load of crap??
I know JavaScript can be used to make pop up windows, minimise windows, bring up a new window after you close one by using 'onUnload', write cookies, or even automatically add a site to your favourites in some versions of IE... but I've never heard it's so insecure that you can change someone's registry!!
And even if it did change your homepage registry setting, surely that's exactly what changing your homepage manually does - after all, the registry is where it *stores* that setting. So how could it permanently change it? The change would just be overwritten!
Someone tell me they were talking rubbish. Please :-)
I wouldn't have thought JavaScript could have done that.
Maybe the writers of this article are getting mixed up with VBScript, or Active X.
Maybe the writers of this article are getting mixed up with VBScript, or Active X.
Generally speaking Javascript doesnt have access to anything like the file system, registry etc.. Inevitably though people have found security holes, ie ways to write to the registry directly and so on. Patches are usually released to correct the exploits when they're found though. Problem is, alot of people don't bother updating hence they are still vulnerable to alsorts of stuff.
Having said that, I dont really believe you need to live in fear of every site you visit that has Javascript.
-G
Having said that, I dont really believe you need to live in fear of every site you visit that has Javascript.
-G
And as an example...
http://www.securiteam.com/exploits/5FP080A5FM.html
That one uses activeX and javascript
There are plenty more though... :)
-G
http://www.securiteam.com/exploits/5FP080A5FM.html
That one uses activeX and javascript
There are plenty more though... :)
-G
Sun JavaScript (JavaScript != Java) cannot in any way write to the filesystem, including the registry, except for cookies which are very secure. This is probably a hole in IE's distribution of JavaScript that somehow allows this to happen, bloody Microsoft, but even then I really don't think this is possible.
Turbonutter wrote:
> Sun JavaScript (JavaScript != Java) cannot in any way write to the filesystem,
> including the registry, except for cookies which are very secure. This is
> probably a hole in IE's distribution of JavaScript that somehow allows this to
> happen, bloody Microsoft, but even then I really don't think this is possible.
Strange then microsoft, netscape and numerous other browser developers have been issuing patches for security holes that don't exist. Of course, its the implementations that are usually flawed rather than the language itself but the result is the same.
-G
> Sun JavaScript (JavaScript != Java) cannot in any way write to the filesystem,
> including the registry, except for cookies which are very secure. This is
> probably a hole in IE's distribution of JavaScript that somehow allows this to
> happen, bloody Microsoft, but even then I really don't think this is possible.
Strange then microsoft, netscape and numerous other browser developers have been issuing patches for security holes that don't exist. Of course, its the implementations that are usually flawed rather than the language itself but the result is the same.
-G
Javascript is pretty good, i find it very useful and secure although there are more errors in it then HTML. Has anyone noticed on every geocities site theres an error, thats because of the bad javascript!
Oh, I thought it was a Netscape-specific. Does it say an error on IE too then?
Turbonutter wrote:
> Oh, I thought it was a Netscape-specific. Does it say an error on IE too then?
Yeh, stupid geocities.....
> Oh, I thought it was a Netscape-specific. Does it say an error on IE too then?
Yeh, stupid geocities.....
Oh, how reassuring.