The Mozilla docs on JavaScript security give a hint of hope that signed scripts will work around the cross-domain script exclusions that all good browsers enforce. But an item at DevArticles.com throws water on the idea:
Signed scripts are primarily useful in an intranet environment; they’re not so useful on the Web in general. To see why this is, consider that even though you can authenticate the origin of a signed script on the Web, there’s still no reason to trust the creator. If you encounter a script signed by your company’s IT department, you can probably trust it without much risk. However, you’d have no reason to think that a party you don’t know—for example, a random company on the Web—is at all trustworthy. So they signed their JavaScript—that doesn’t mean it doesn’t try to do something malicious! And if it did, most users would have no way of knowing.
In short, most browsers will pop up a scary looking security window asking the user what he or she want to do, and the chances of the user hitting the button marked “no, I don’t dare allow cross-domain XMLHTTPRequest calls” are at least 50-50. And, even if they weren’t, who would tolerate that message appearing regularly?
tags: cross domain, cross domain script exclusion, cross domain scripting, internet security, intranet environment, javascript, javascript security, mozilla, security, security components, signed script, signed scripts, web scripting, web security, xdomain, xmlhttprequest
Related:
Posted September 20, 2005 by Casey
Categories: Libraries & Networked Information, Technology. Tags: cross domain, cross domain script exclusion, cross domain scripting, internet security, intranet environment, javascript, javascript security, mozilla, security, security components, signed script, signed scripts, web scripting, web security, xdomain, xmlhttprequest.
1 Comment(s)
Comments RSS
TrackBack Identifier URI
Leave a comment
User contributed tags for this post:
Funny Javascripts (117) - signed javascript (59) - Firefox signed script (55) - firefox signed scripts (45) - firefox signed javascript (37) - signed javascript firefox (36) - wpa workaround (31) - funny java scripts (31) - signed javascripts (29) - javascript signed (29) - signed script firefox (21) - signed scripts firefox (19) - javascripts (19) - xmlhttprequest cross domain (17) - cross domain xmlhttprequest (16) - xmlhttprequest signed script (16) - free funny javascripts (13) - signed (13) - cross domain scripting workaround (12) - www worldsex c (12) - www.allsex.com (12) - javascript cross domain workaround (11) - XMLHttpRequest signed (10) - Firefox 3 accessing signed javascript page (10) - cross domain script exclusion (9) - Firefox 3.0 signed Javascript (8) - 4sex com (8) - WWW.WORLDSEX.C (8) - cross domain workaround (8) - google maps cross domain (8) - www 89 com c (7) - firefox signing scripts (7) - mozilla signed script (7) - Signed XMLHTTPRequest (7) - cross domain scripting with XMLHttpRequest (7) - XMLHTTPRequest crossdomain (7) - iphone signed javascript cross-domain (6) - firefox signed (6) - WWW GOOGLEEARTH COM (6) - MOVIS (6) - javascript wpa (6) - firefox sign javascript (6) - plan c (6) - 4sex (6) - signed javascript example (6) - mozilla signed javascript (6) - cross domain scripting work around (6) - firefox Digitally sign script (6) - firefox javascript security signed script (6) - www.worldsex (5) - firefox javascript signed (5) - worldsex.c (5) - signed javascript xmlhttprequest (5) - signed script demo (5) - Digitally sign scripts firefox (5) - Firefox trust domain scripts (5) - javascript signed script (5) - xmlHTTPrequest cross domain workaround (5) - signed javascript demo (5) - sign script firefox (4) - firefox crossdomain (4) - erth plan (4) - signed javascript tutorial (4) - firefox 3 signed javascript (4) - cross movis (4) - cross domain javascript signed (4) - signed javascript in firefox (4) - cross domain signed javascript (4) - XMLHttpRequest firefox cross domain (4) - googleheart (4) - signed javascript firefox 3 (4) - signed javascript mozilla (4) - Google erth plan (4) - wpa workaround javascript (4) - google maps api cross domain (4) - Signed Scripts in firefox (4) - cross domain google maps (4) - sign script javascript (4) - cross domain scripts (4) - cross domain javascript signed script (4) - mozilla cross domain script (4) - javascript cross domain (4) - workaround cross domain scripting (4) - digitally sign javascript example (4) - xmlhttprequest domain workaround (4) - funny movis (4) - xmlhttprequest workaround (4) - allow cross domain scripting (4) - xmlhttprequest signed scripts (3) - signed scripting (3) - javascript cross domain workarounds (3) - google 4sex (3) - Safari signed javascript (3) - javascript Signed Scripts (3) - FireFox script signed (3) - work around cross domain scripting (3) - firefox cross domain scripting workaround (3) - signing javascript firefox (3) - Digitally signed scripts firefox (3) - signed javascript google maps (3) - signing javascript crossdomain mozilla (3) - how to signed javascript (3) - signed script (3) - cross domain workaround javascript (3) - signing script mozilla firefox xmlhttprequest (3) - firefox digitally signed scripts (3) - cross domain script firefox (3) - google maps cross domain scripting (3) - firefox how to sign scripts (3) - firefox cross domain xmlhttprequest (3) - indian movis (3) - firefox allow cross domain scripting (3) - mozilla cross domain post (3) - digitally sign javascript (3) - sign scripts firefox (3) - Google Map cross domain scripting (3) - firefox javascript signing XmlHttpRequest (3) - firefox sign script (3) - java scripts (3) - Firefox 2 XMLHTTPRequest (3) - xmlhttp crossdomain (3) - firefox digitally sign javascript (3) - firefox allowing cross domain scripts (2) - cross domain signed scripts (2) - java signed scripts location (2) - workaround xmlhttprequest javascript (2) - javascript cross domain signed (2) - allow cross domain xmlHttpRequest mozilla (2) - how to sign java scripts (2) - cross domain XMLHttpRequest scripts (2) - cross domain scripting and google map api (2) - funny java scripting buttons (2) - firefox xmlhttprequest domain workaround (2) - mozilla xmlhttprequest cross domain hacks (2) - sample for cross domain xmlhttprequest (2) - firefox xmlhttprequest remote domain (2) - javascript xmlhttprequest cross domain (2) - signing scripts mozilla (2) - crossdomain java (2) - short movis (2) - cross domain script (2) - firefox signed scripts xmlhttprequest (2) - signed scripts mozilla (2) - XMLHttpRequest firefox 2 (2) - cross domain post mozilla javascript (2) - crossdomain xmlhttprequest (2) - XMLHttpRequest C (2) - digitally signed scripts in firefox (2) - Java funny scripts (2) - xmlhttp signed (2) -
MEGUSTARIA VER MI CIUDAD TAN HERMOSA DE MONTERREY