The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
It claimed that JavaScript can be used to change your registry, and some sites used it to permanently change your homepage, so that even when you edit it, it still returns to the one they set after reboot!
Surely this is a load of crap??
I know JavaScript can be used to make pop up windows, minimise windows, bring up a new window after you close one by using 'onUnload', write cookies, or even automatically add a site to your favourites in some versions of IE... but I've never heard it's so insecure that you can change someone's registry!!
And even if it did change your homepage registry setting, surely that's exactly what changing your homepage manually does - after all, the registry is where it *stores* that setting. So how could it permanently change it? The change would just be overwritten!
Someone tell me they were talking rubbish. Please :-)
It claimed that JavaScript can be used to change your registry, and some sites used it to permanently change your homepage, so that even when you edit it, it still returns to the one they set after reboot!
Surely this is a load of crap??
I know JavaScript can be used to make pop up windows, minimise windows, bring up a new window after you close one by using 'onUnload', write cookies, or even automatically add a site to your favourites in some versions of IE... but I've never heard it's so insecure that you can change someone's registry!!
And even if it did change your homepage registry setting, surely that's exactly what changing your homepage manually does - after all, the registry is where it *stores* that setting. So how could it permanently change it? The change would just be overwritten!
Someone tell me they were talking rubbish. Please :-)
Maybe the writers of this article are getting mixed up with VBScript, or Active X.
Having said that, I dont really believe you need to live in fear of every site you visit that has Javascript.
-G
http://www.securiteam.com/exploits/5FP080A5FM.html
That one uses activeX and javascript
There are plenty more though... :)
-G
> Sun JavaScript (JavaScript != Java) cannot in any way write to the filesystem,
> including the registry, except for cookies which are very secure. This is
> probably a hole in IE's distribution of JavaScript that somehow allows this to
> happen, bloody Microsoft, but even then I really don't think this is possible.
Strange then microsoft, netscape and numerous other browser developers have been issuing patches for security holes that don't exist. Of course, its the implementations that are usually flawed rather than the language itself but the result is the same.
-G
> Oh, I thought it was a Netscape-specific. Does it say an error on IE too then?
Yeh, stupid geocities.....