Chapter 13. Mobile Code II: Java, JavaScript, Flash, and Shockwave


In the last chapter we examined the risks inherent in downloading and running plug-ins, ActiveX controls, and other kinds of machine code. We saw that while many of these programs are well behaved, they can occasionally be quite vicious. Once a downloaded program starts running, it inherits all of the privileges and access rights of the user who invoked it.

Java, JavaScript, Flash, and Shockwave are all attempts to allow web developers to realize many of the benefits of mobile code without assuming the corresponding dangers. Instead of downloading raw executable machine code, all of these systems download an intermediate language that is then interpreted on the user's computer. In theory, these interpreted languages can provide additional security by simply not implementing dangerous functionality. For example, JavaScript has no built-in mechanism to read files on the local computer's hard disk, so it should be impossible to write a JavaScript program that scans the user's hard disk for interesting files and then uploads these files to a hostile web server.

In practice, Java, JavaScript, Flash, and Shockwave do provide significantly more security than the mobile code techniques that were considered in the previous chapter. But because of implementation failings and occasional design flaws, none of these systems actually provide as much security as their inventors claim.


Web Security, Privacy & Commerce
Web Security, Privacy and Commerce, 2nd Edition
ISBN: 0596000456
EAN: 2147483647
Year: 2000
Pages: 194
