lkvam at venix.com
Tue Jul 3 20:06:39 EDT 2007
On Tue, 2007-07-03 at 18:11 -0400, Ben Scott wrote:
> On 7/3/07, Ben Scott <dragonhawk at gmail.com> wrote:
> > or something else entirely (maybe sandboxed Python -- ha! on-topic!),
> > I think this kind of thing is inevitable.
> I should probably temper that by saying that, until such time as the
> issues get sorted out and stable solutions are developed, a stronger
> security stance is a good idea. Ideally, that means designing sites
> browsing with some kind of JS restrictions in place.
> I tried NoScript myself, for a while. It seemed like a Good Thing
> at first. Alas, I found I ended up enabling JS for almost every site
> I visited, which rather defeated the purpose. So I removed it. A
> security solution which doesn't work, doesn't work. (You'd think this
> would go without saying.)
Yeah, my NoScript whitelist contains 1196 lines. Still, the sites I
either gets closed, given temporary permission, or whitelisted. It's
not so very different from the decision to load email images, except
Evolution has no whitelist. I decide on a case-by-case basis.
The security works. Is it worth the grief? I've decided yes, but I may
be excessively paranoid.
> My thinking is there is probably a better solution to the immediate
> problem than the all-or-nothing approach of NoScript. For example,
> Firefox already has ways to selectively inhibit manipulation of the
> Object Model: Go to "about:config", and search for "dom.disable". I
> have most of these set to "True". More along this line seems like a
> good idea. I don't have the first clue about specifics, though.
> -- Ben
1 Court Street, Suite 378
Lebanon, NH 03766-1358
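
An added example, not part of the original message: a small Python audit of the "dom.disable" preferences mentioned in the quoted text, reading the `user_pref("name", value);` lines of a Firefox profile's prefs.js and listing which matching prefs are not set to true. The function names and the sample file contents are constructed for illustration, and since prefs.js records only preferences changed from their defaults, prefs left at the default will not appear in the result.

```python
import re

# Matches lines of the form: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def dom_disable_prefs(text, prefix="dom.disable"):
    """Return {pref_name: value} for prefs whose name starts with prefix.

    Boolean values become Python bools; anything else is kept as the raw
    string so that a non-boolean pref is never silently treated as "on".
    """
    found = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or not m.group(1).startswith(prefix):
            continue
        raw = m.group(2)
        found[m.group(1)] = {"true": True, "false": False}.get(raw, raw)
    return found


def not_restricted(prefs):
    """Sorted names of matched prefs whose value is anything but true."""
    return sorted(name for name, value in prefs.items() if value is not True)


# Constructed sample standing in for a profile's prefs.js (not real data).
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("dom.disable_window_move_resize", true);
user_pref("dom.disable_window_flip", true);
user_pref("dom.disable_window_status_change", false);
user_pref("dom.max_script_run_time", 20);
'''

if __name__ == "__main__":
    prefs = dom_disable_prefs(SAMPLE_PREFS)
    for name in sorted(prefs):
        print(f"{name} = {prefs[name]}")
    print("not set to true:", not_restricted(prefs))
```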