Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: Java vs. JavaScript (security issues)

  1. #11
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    Originally posted here by Tiger Shark
    I'm going to make a couple of assumptions... If they are wrong.... don't yell... just correct them....



    You state that you want to create a web page. The implication of that is that you intend the page to be publicly available.

    You state that you want to experiment with security. The implication is that you intend and are competent in monitoring that web page and, ultimately, the server for compromise.

    You stated that your security isn't intended to keep anybody out.... Not sure what to say about that other than the point above is probably not going to occur, (proper monitoring and recognition of compromise).

    Now to the guts of my response.....

    You don't _play_ at security on the public internet.... Your web page becomes someone else's conduit to attack me... This is the irresponsible use of the internet that allows those of malicious intent to have their way so easily... You don't appear to be competent to do this properly, so please don't do it if it is publicly available...

    Understood?
    *falls over* I sorry! *bows over and over again* geez, all I wanted was to test an applet or a script that was not connected to anything other than the web page itself. There would be no connections to a server other than hosting it....
    My original idea was that if i gave a person the "password" then that person could look a photo album or something that not everyone else could see. Everything would be completely contained within the HTML pages

    I am sorry if I have offended any of you for releasing my idea into the public eye...
    there's always a way in...

  2. #12
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I'm not offended. What's the old saying? You almost have to forgive ignorance?

    That said, your idea and experiment itself is not bad. In fact, it's a healthy curiousity. I encourage you to experiment, however, you are missing an important point that unfortunately was smashed over your head by our good friend Tiger.

    Hooking hosts up to the internet without understanding the consiquences is a pretty bad thing to do. If your experiment goes wrong, it may become other peoples' problem. Even if the experiment goes right, the host may have other weaknesses that may become the problem of others.

    You can liken this to the guy who just wanted to site in his deer rifle in the backyard. He didn't mean to tear a hole in the neighbor's house, it just happened as he was experimenting with the windage knobs on the scope.

    Make sense?

    --TH13

    PS
    Java of any kind is crappy. If you are interested in mobile code, look into PERL, Python or the like.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #13
    Hi

    Fist of all...you cannot get any security with javascript....it's just for managing the web pages....gettins info...but not for more....

    algo from applets....those can be downloaded and decompiled ( DJ java decompiler )

    I'll suguest you'll make somo dinamical page..usgin jsp for example where you can log user activitiy and at the end of the session ( before the user closes the explorer...or goes somewhere else) show him what he has done...

    It'll be a god aproach to site monitoring...and also'll increase your programming skills
    we work in the dark - we give what we have - we do what what we can - our doubt`s our passion - our passion our task - the rest....- is the madness of art.

  4. #14
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    thehorse13, thank you for explaining this to me. from now on I will not host my files, and i will investigate jsp like some of the others have suggested.
    there's always a way in...

  5. #15
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Glad to assist. Again, don't be afraid to post here. Sometimes people, while acting in good faith, pounce a little too early.

    --Th13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •