The Mozilla docs on JavaScript security give a hint of hope that signed scripts will work around the cross-domain script exclusions that all good browsers enforce. But an item at DevArticles.com throws water on the idea:
Signed scripts are primarily useful in an intranet environment; they’re not so useful on the Web in general. To see why this is, consider that even though you can authenticate the origin of a signed script on the Web, there’s still no reason to trust the creator. If you encounter a script signed by your company’s IT department, you can probably trust it without much risk. However, you’d have no reason to think that a party you don’t know—for example, a random company on the Web—is at all trustworthy. So they signed their JavaScript—that doesn’t mean it doesn’t try to do something malicious! And if it did, most users would have no way of knowing.
In short, most browsers will pop up a scary looking security window asking the user what he or she want to do, and the chances of the user hitting the button marked “no, I don’t dare allow cross-domain XMLHTTPRequest calls” are at least 50-50. And, even if they weren’t, who would tolerate that message appearing regularly?
tags: cross domain, cross domain script exclusion, cross domain scripting, internet security, intranet environment, javascript, javascript security, mozilla, security, security components, signed script, signed scripts, web scripting, web security, xdomain, xmlhttprequest
Posted September 20, 2005 by Casey Bisson
Categories: Libraries & Networked Information, Technology. Tags: cross domain, cross domain script exclusion, cross domain scripting, internet security, intranet environment, javascript, javascript security, mozilla, security, security components, signed script, signed scripts, web scripting, web security, xdomain, xmlhttprequest.
1 Comment(s)
Comments RSS
TrackBack Identifier URI
User contributed tags for this post:
Funny Javascripts (120) - Firefox signed script (66) - signed javascript (63) - firefox signed scripts (53) - signed javascript firefox (39) - firefox signed javascript (39) - funny java scripts (35) - signed javascripts (33) - javascript signed (32) - wpa workaround (31) - signed (28) - signed script firefox (25) - signed scripts firefox (20) - javascripts (19) - xmlhttprequest cross domain (17) - xmlhttprequest signed script (16) - cross domain xmlhttprequest (16) - cross domain scripting workaround (14) - free funny javascripts (13) - javascript cross domain workaround (12) - mozilla signed script (10) - Firefox 3 accessing signed javascript page (10) - XMLHttpRequest signed (10) - firefox Digitally sign script (9) - cross domain script exclusion (9) - signed scripting (8) - cross domain workaround (8) - google maps cross domain (8) - firefox signing scripts (8) - Firefox 3.0 signed Javascript (8) - Signed XMLHTTPRequest (7) - firefox 3 signed javascript (7) - cross domain scripting with XMLHttpRequest (7) - XMLHTTPRequest crossdomain (7) - signed javascript example (7) - signed javascript demo (7) - signed javascript safari (7) - firefox sign javascript (6) - plan c (6) - Safari signed javascript (6) - WWW GOOGLEEARTH COM (6) - javascript signed script (6) - iphone signed javascript cross-domain (6) - firefox javascript security signed script (6) - javascript wpa (6) - mozilla signed javascript (6) - Digitally sign scripts firefox (6) - firefox signed (6) - cross domain scripting work around (6) - signed script demo (6) - Signed Scripts in firefox (5) - xmlhttprequest domain workaround (5) - signed javascript xmlhttprequest (5) - signed javascript mozilla (5) - sign script javascript (5) - xmlHTTPrequest cross domain workaround (5) - sign script firefox (5) - Firefox trust domain scripts (5) - firefox javascript signed (5) - signed javascript in firefox (4) - digitally sign javascript example (4) - wpa workaround javascript (4) - javascript Signed Scripts (4) - xmlhttprequest workaround (4) - workaround cross domain scripting (4) - XMLHttpRequest firefox cross domain (4) - firefox digitally signed scripts (4) - cross domain javascript signed (4) - digitally sign javascript (4) - cross domain signed script (4) - cross domain javascript signed script (4) - erth plan (4) - signed scripts cross domain (4) - signed javascript firefox 3 (4) - googleheart (4) - javascript XMLHTTPrequest signed (4) - mozilla cross domain script (4) - allow cross domain scripting (4) - firefox crossdomain (4) - cross domain signed javascript (4) - signed javascript tutorial (4) - javascript cross domain (4) - cross domain google maps (4) - firefox digitally sign javascript (4) - Google erth plan (4) - google maps api cross domain (4) - signed script (4) - cross domain scripts (4) - firefox javascript signing XmlHttpRequest (3) - javascript iframe cross-domain signed (3) - how to signed javascript (3) - firefox cross domain xmlhttprequest (3) - Google Map cross domain scripting (3) - Firefox 2 XMLHTTPRequest (3) - xmlhttprequest signed scripts (3) - firefox 3 signed scripts (3) - signing script mozilla firefox xmlhttprequest (3) - javascript cross domain workarounds (3) - firefox cross domain scripting workaround (3) - sign scripts for firefox 3 (3) - xmlhttp crossdomain (3) - firefox allow cross domain scripting (3) - firefox how to sign scripts (3) - Digitally signed scripts firefox (3) - work around cross domain scripting (3) - mozilla cross domain post (3) - java scripts (3) - signing javascript crossdomain mozilla (3) - signed javascript google maps (3) - cross domain script firefox (3) - FireFox script signed (3) - signing javascript firefox (3) - sign scripts firefox (3) - google maps cross domain scripting (3) - firefox sign script (3) - cross domain workaround javascript (3) - Digitally Signed JavaScript (2) - funny java scripting buttons (2) - crossdomain java (2) - wpa workaround script (2) - signed scripts mozilla (2) - firefox crossdomain javascript (2) - mozilla xmlhttprequest cross domain hacks (2) - Signed Scripts in Mozilla (2) - javascript signed cross domain (2) - firefox xmlhttprequest remote domain (2) - firefox allow XMLHttpRequest domain workaround (2) - iphone signed javascript (2) - xmlhttp signed (2) - cross domain javascript in firefox (2) - xmlhttprequest cross domain java (2) - Signed Javascript Howto (2) - javascript signed means (2) - XMLHttpRequest C (2) -
MEGUSTARIA VER MI CIUDAD TAN HERMOSA DE MONTERREY