E-mail List Archives

Re: Javascript and security

for

From: Mark Rew
Date: Jan 21, 2003 1:24PM


Write me off of the list for a long detail description document of providing
Web server and Web site security.

To summarize we used a combination of
- IP filtering,
- Appropriate firewalls,
- Private key protection,
- and, LDAP look up.

We have a requirement to provide pages to corporate employees nationally, but
only those employees that are authorized to access the site. Some of these
employees have a need to load data to the server.

No JavaScript was used for the authentication nor encryption.

Mark
----- Original Message -----
From: "Ben Coutts" < <EMAIL REMOVED> >
To: < <EMAIL REMOVED> >
Sent: Tuesday, January 21, 2003 1:32 PM
Subject: Javascript and security


> Hi list.
> My first posting.
>
> I have a question about priority one checkpoint 6.3 -
> Ensure that pages are usable when scripts, applets, or other programmatic
> objects are turned off or not supported. If this is not possible, provide
> equivalent information on an alternative accessible page.
>
> Keeping this in mind, how are security issues dealt with without javascript?
> An example of such javascript usage would be logging out from an internet
> banking page where it's in the security interests of the user to be logged
> out after finishing their tasks.
> The problem is compounded by the fact that banks typically have extremely
> rigorous security standards. Hence, any solution would have to be
> technically robust.
>
> Does anyone have any information or links pertaining to this subject?
>
> Please reply to me and I'll summarise for the list.
>
> Thanks for your help.
> Ben Coutts
> Designer
> www.dowcarter.com
>
>
> ----
> To subscribe, unsubscribe, or view list archives,
> visit http://www.webaim.org/discussion/
>
>


----
To subscribe, unsubscribe, or view list archives,
visit http://www.webaim.org/discussion/