[BNM] Web 2.0: Javascript rubbish; Flash much better
iestyn lloyd
iestyn at gmail.com
Tue Apr 3 12:27:28 BST 2007
http://www.regdeveloper.co.uk/2007/04/03/javascript-hijacking/
"
Out of 12 popular Ajax frameworks analysed by Fortify – Direct Web Remoting
(DWR); Microsoft ASP.NET Ajax (a.k.a. Atlas); xajax; Google Web Toolkit
(GWT); Prototype; Script.aculo.us; Dojo; Moo.fx; jQuery; Yahoo! UI; Rico;
and MochiKit – only DWR 2.0 implements mechanisms that control JavaScript
Hijacking. The rest neither provide protection nor mention the possibility
in their documentation.
[...]
JavaScript security has been a bit of a disaster since its inception,
probably because it has been pushed well beyond what it was originally
intended for.
Adobe's Flash is much better architected for security (not perfect, but
better), he says, and perhaps that makes it a better basis for Web 2.0 style
programming.
"