E-mail List Archives
Thread: Javascript and security
Number of posts in this thread: 2 (In chronological order)
From: Ben Coutts
Date: Tue, Jan 21 2003 11:47AM
Subject: Javascript and security
No previous message | Next message →
Hi list.
My first posting.
I have a question about priority one checkpoint 6.3 -
Ensure that pages are usable when scripts, applets, or other programmatic
objects are turned off or not supported. If this is not possible, provide
equivalent information on an alternative accessible page.
Keeping this in mind, how are security issues dealt with without javascript?
An example of such javascript usage would be logging out from an internet
banking page where it's in the security interests of the user to be logged
out after finishing their tasks.
The problem is compounded by the fact that banks typically have extremely
rigorous security standards. Hence, any solution would have to be
technically robust.
Does anyone have any information or links pertaining to this subject?
Please reply to me and I'll summarise for the list.
Thanks for your help.
Ben Coutts
Designer
www.dowcarter.com
----
To subscribe, unsubscribe, or view list archives,
visit http://www.webaim.org/discussion/
From: Mark Rew
Date: Tue, Jan 21 2003 1:24PM
Subject: Re: Javascript and security
← Previous message | No next message
Write me off of the list for a long detail description document of providing
Web server and Web site security.
To summarize we used a combination of
- IP filtering,
- Appropriate firewalls,
- Private key protection,
- and, LDAP look up.
We have a requirement to provide pages to corporate employees nationally, but
only those employees that are authorized to access the site. Some of these
employees have a need to load data to the server.
No JavaScript was used for the authentication nor encryption.
Mark
----- Original Message -----
From: "Ben Coutts" < = EMAIL ADDRESS REMOVED = >
To: < = EMAIL ADDRESS REMOVED = >
Sent: Tuesday, January 21, 2003 1:32 PM
Subject: Javascript and security
> Hi list.
> My first posting.
>
> I have a question about priority one checkpoint 6.3 -
> Ensure that pages are usable when scripts, applets, or other programmatic
> objects are turned off or not supported. If this is not possible, provide
> equivalent information on an alternative accessible page.
>
> Keeping this in mind, how are security issues dealt with without javascript?
> An example of such javascript usage would be logging out from an internet
> banking page where it's in the security interests of the user to be logged
> out after finishing their tasks.
> The problem is compounded by the fact that banks typically have extremely
> rigorous security standards. Hence, any solution would have to be
> technically robust.
>
> Does anyone have any information or links pertaining to this subject?
>
> Please reply to me and I'll summarise for the list.
>
> Thanks for your help.
> Ben Coutts
> Designer
> www.dowcarter.com
>
>
> ----
> To subscribe, unsubscribe, or view list archives,
> visit http://www.webaim.org/discussion/
>
>
----
To subscribe, unsubscribe, or view list archives,
visit http://www.webaim.org/discussion/