Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Java vs. JavaScript (security issues)

  1. #1
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101

    Java vs. JavaScript (security issues)

    I haven't access to a server at the moment, and I am planning to create another web page. However, I want to create some security as an experiment (just to say that I did it). I want to know what your opinions are on using a Java applet versus JavaScript. I know that applets can be blocked, and that script can be read from the source code. Any suggestions or insight would be helpful.
    there's always a way in...

  2. #2
    Member aciscorouter's Avatar
    Join Date
    Mar 2002
    Location
    Brampton, ON, Canada
    Posts
    35
    In terms of security, there are a number of vulnerabilities that exist for both OOP languages. What sort of audience will be viewing your site? A lot of corporate security policies turn both Java and Javascript off for security reasons.

    I guess depending on what you are planning on doing with it Java may have more flexibility, whereas Javascript can be learned and utilized over a weekend.

    In terms of compatibility, Java may be cross platform but some applications are very sensitive to the version of the JRE that has been installed and in some cases installing a newer JRE will break older Java applets. Javascript (the Mozilla kind) is widely supported by the latest Mozzilla, IE and Opera browsers.
    aCISCOrouter

    "I used up all my sick days, so I’m calling in dead."
    http://www.facebook.com/profile.php?id=554370423

  3. #3
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    hmmm, interesting....

    my audience is whoever wants to view the site by the way, as the security is just for fun
    there's always a way in...

  4. #4

    Re: Java vs. JavaScript (security issues)

    Originally posted here by Spekter1080
    I haven't access to a server at the moment, and I am planning to create another web page. However, I want to create some security as an experiment (just to say that I did it). I want to know what your opinions are on using a Java applet versus JavaScript. I know that applets can be blocked, and that script can be read from the source code. Any suggestions or insight would be helpful.
    You don't need access to a server to test client side applications Just build your app and drag and drop the html into your browser. Client side authentication or security is an oxymoron. Java applets are harder to tweak and such in comparison to javascript, but they both suck. Applets are also easily reverse engineered.

    Use a server side script for this.

  5. #5
    Banned
    Join Date
    Aug 2004
    Posts
    534
    He wants to create “some security just for fun”. – HAHA

    Just an idea..

    Any authenthification should be done on the server and NOT in plain text but as far as any kind of functionality on the web site it should run on the client side. Why risk having possibly buggy code running on your hardware and why for that matter, waste server side resources

  6. #6
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    Soda, first of all, I never ment for the "security" to be anything more than an application of my skills. It is not intended to keep anyone out. Second of all, to someone who is not as computer literate as yourself, the methods that I have selected would perform just fine for the purposes that I intended it.

    As for you, unhappy, I know already what you said. I do, however, totally agree with you. As you will recall, however, the experiment is not a serious attempt and should not be treated as such. Thank you for you input though.
    there's always a way in...

  7. #7
    Senior Member
    Join Date
    Jan 2004
    Posts
    228
    I was taking a Java course last year to fine tune my skills. Our professor decided to skip javascript because she said it wont be used as much anymore because of security issues and that a lot of people block it now.

    We ended up going into JSP more, which was great for me because it helped me with my web interface for the SQL database.

    IMO, Java would be more secure. If you create your classes right, you have more flexability on how objects are used and how variables are accessed. I'm not a hacker or a security specialist, but I feel better having my main class files located on my server. In my case, I used Tomcat.

  8. #8
    Originally posted here by Spekter1080
    Second of all, to someone who is not as computer literate as yourself, the methods that I have selected would perform just fine for the purposes that I intended it.
    Then I hope you can restrict users of your software by literacy. It only takes one threat to actualize a risk.

    I want to know what your opinions are on using a Java applet versus JavaScript.
    What's better at protecting a farm, a "do not enter" sign, or a scarecrow? I could give you an answer, but I can still steal your corn.

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'm going to make a couple of assumptions... If they are wrong.... don't yell... just correct them....

    however, the experiment is not a serious attempt
    You state that you want to create a web page. The implication of that is that you intend the page to be publicly available.

    You state that you want to experiment with security. The implication is that you intend and are competent in monitoring that web page and, ultimately, the server for compromise.

    You stated that your security isn't intended to keep anybody out.... Not sure what to say about that other than the point above is probably not going to occur, (proper monitoring and recognition of compromise).

    Now to the guts of my response.....

    You don't _play_ at security on the public internet.... Your web page becomes someone else's conduit to attack me... This is the irresponsible use of the internet that allows those of malicious intent to have their way so easily... You don't appear to be competent to do this properly, so please don't do it if it is publicly available...

    Understood?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    Socialist Utopia Donkey Punch's Avatar
    Join Date
    Sep 2004
    Location
    In the basement
    Posts
    319
    I do not get the idea behind the experiment to begin with. Java and JavaScript are comparing apples and oranges.
    In loving memory of my step daughter 1987-2006

    Liberty In North Korea

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •