Plan C: Signed JavaScripts

The Mozilla docs on JavaScript security give a hint of hope that signed scripts will work around the cross-domain script exclusions that all good browsers enforce. But an item at DevArticles.com throws water on the idea:

Signed scripts are primarily useful in an intranet environment; they’re not so useful on the Web in general. To see why this is, consider that even though you can authenticate the origin of a signed script on the Web, there’s still no reason to trust the creator. If you encounter a script signed by your company’s IT department, you can probably trust it without much risk. However, you’d have no reason to think that a party you don’t know—for example, a random company on the Web—is at all trustworthy. So they signed their JavaScript—that doesn’t mean it doesn’t try to do something malicious! And if it did, most users would have no way of knowing.

In short, most browsers will pop up a scary looking security window asking the user what he or she want to do, and the chances of the user hitting the button marked “no, I don’t dare allow cross-domain XMLHTTPRequest calls” are at least 50-50. And, even if they weren’t, who would tolerate that message appearing regularly?

tags: , , , , , , , , , , , , , , ,

Others also read:

Related:

Posted September 20, 2005 by Casey Bisson
Categories: Libraries & Networked Information, Technology. Tags: , , , , , , , , , , , , , , , .

1 Comment(s)

  1. Comment by ALEX on April 15, 2008 5:07 pm

    MEGUSTARIA VER MI CIUDAD TAN HERMOSA DE MONTERREY

    Reply

Comments RSS TrackBack Identifier URI

Leave a comment

 

User contributed tags for this post:

Funny Javascripts (120) - Firefox signed script (66) - signed javascript (63) - firefox signed scripts (53) - firefox signed javascript (39) - signed javascript firefox (39) - funny java scripts (35) - signed javascripts (33) - javascript signed (32) - wpa workaround (31) - signed (28) - signed script firefox (25) - signed scripts firefox (20) - javascripts (19) - xmlhttprequest cross domain (17) - cross domain xmlhttprequest (16) - xmlhttprequest signed script (16) - cross domain scripting workaround (14) - free funny javascripts (13) - javascript cross domain workaround (12) - XMLHttpRequest signed (10) - Firefox 3 accessing signed javascript page (10) - mozilla signed script (10) - firefox Digitally sign script (9) - cross domain script exclusion (9) - firefox signing scripts (8) - google maps cross domain (8) - cross domain workaround (8) - signed scripting (8) - Firefox 3.0 signed Javascript (8) - XMLHTTPRequest crossdomain (7) - cross domain scripting with XMLHttpRequest (7) - Signed XMLHTTPRequest (7) - signed javascript demo (7) - signed javascript example (7) - signed javascript safari (7) - firefox 3 signed javascript (7) - javascript signed script (6) - javascript wpa (6) - signed script demo (6) - Safari signed javascript (6) - firefox signed (6) - mozilla signed javascript (6) - iphone signed javascript cross-domain (6) - firefox sign javascript (6) - plan c (6) - Digitally sign scripts firefox (6) - firefox javascript security signed script (6) - cross domain scripting work around (6) - WWW GOOGLEEARTH COM (6) - sign script javascript (5) - signed javascript xmlhttprequest (5) - Signed Scripts in firefox (5) - firefox javascript signed (5) - Firefox trust domain scripts (5) - xmlhttprequest domain workaround (5) - signed javascript mozilla (5) - xmlHTTPrequest cross domain workaround (5) - sign script firefox (5) - signed javascript tutorial (4) - Google erth plan (4) - googleheart (4) - wpa workaround javascript (4) - signed javascript in firefox (4) - erth plan (4) - cross domain javascript signed (4) - signed scripts cross domain (4) - digitally sign javascript example (4) - cross domain signed javascript (4) - workaround cross domain scripting (4) - signed script (4) - javascript Signed Scripts (4) - cross domain javascript signed script (4) - cross domain google maps (4) - mozilla cross domain script (4) - cross domain signed script (4) - cross domain scripts (4) - signed javascript firefox 3 (4) - javascript XMLHTTPrequest signed (4) - allow cross domain scripting (4) - firefox digitally sign javascript (4) - xmlhttprequest workaround (4) - digitally sign javascript (4) - google maps api cross domain (4) - firefox crossdomain (4) - firefox digitally signed scripts (4) - XMLHttpRequest firefox cross domain (4) - javascript cross domain (4) - FireFox script signed (3) - firefox sign script (3) - xmlhttprequest signed scripts (3) - signing script mozilla firefox xmlhttprequest (3) - how to signed javascript (3) - firefox how to sign scripts (3) - work around cross domain scripting (3) - signing javascript crossdomain mozilla (3) - javascript cross domain workarounds (3) - mozilla cross domain post (3) - signing javascript firefox (3) - firefox allow cross domain scripting (3) - Firefox 2 XMLHTTPRequest (3) - sign scripts firefox (3) - cross domain script firefox (3) - Google Map cross domain scripting (3) - firefox cross domain scripting workaround (3) - signed scripts mozilla (3) - cross domain workaround javascript (3) - sign scripts for firefox 3 (3) - firefox cross domain xmlhttprequest (3) - java scripts (3) - google maps cross domain scripting (3) - xmlhttp crossdomain (3) - Digitally signed scripts firefox (3) - firefox 3 signed scripts (3) - signed javascript google maps (3) - firefox javascript signing XmlHttpRequest (3) - javascript iframe cross-domain signed (3) - digitally sign scripts in firefox (2) - 10828 (2) - signing java scripts (2) - digitally signed script (2) - xmlhttp signed (2) - javascript signing script (2) - firefox script signing (2) - wpa workaround script (2) - signed-script-demo (2) - firefox signed JavaScript code (2) - firefox crossdomain javascript (2) - Digitally Signed JavaScript (2) - digitally sign script (2) - cross domain javascript in firefox (2) - funny java scripting buttons (2) - Signed Scripts safari (2) -
PC World Pepper Pad Reviewer Doesn’t Get It Satellite Broadband