Security and Javascript

MJ Ray mjr at phonecoop.coop
Sat Jun 29 14:47:26 UTC 2013


On 28/06/13 12:02, Werner Koch wrote:
> The problem with noscript is that you need to add temporary exceptions
> way to often.  It is a good tool, nevertheless.

I think most of that is thanks to javascript authors who just include
external libraries from many other domains without a thought for the
performance (more DNS lookups, less request pipelining possible) and
security (what if a registrant loses a domain?) implications.

> But better also run your browser under a different account and a second
> X server or with Xephyr.  Coping and pasting lacks quite some comfort
> then but that is the price to be a little bit safer.

I do that for a few very sensititive websites.  Copy-paste lacks
comfort?  Is it even possible?

Thanks,
-- 
MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op
http://koha-community.org supporter, web and library systems developer.
In My Opinion Only: see http://mjr.towers.org.uk/email.html
Available for hire (including development) at http://www.software.coop/



More information about the Discussion mailing list