Pantek Library

Re: forbidden functions on client-side scripts

From: Alonso Robles <kha0z(at)earthlink.net>
Date: Thu Dec 12 2002 - 03:36:39 EST


Shimon,

Most client applications such as web browsers and email clients have built-in security measures to prevent the execution of malicious code in VB and JavaScript. Most of these measures are defined in whole or in part by the W3C specification for including VB and JavaScript interpreters in such client applications. For the most part, these rules are governed by the "trusted" sites and user settings. The execution of the malicious code happens when the end user or system administrator changes these settings on the actual clients, creating a security hole where this can take place.

In my experience, widely used and financially backed applications do a fair job of minimizing the opportunity for malicious client-side scripts to execute. They additionally post security patches that are available to patch holes that may have been left open during the prior development phases.

In other words, I would not worry too much about adding "key words" such as the ones on your lists to look for malicious code. The only key time to look for these words would be when you are developing a new application that could potentially be vulnerable to malicious client side scripting.

If I failed to hit the nail on the head, please explain in more detail the specific use for which these filters will be used, so that I can provide more specific information to assist you in your quest for a complete answer to your question.

Regards,
Alonso

On 12/11/02 9:06 AM, "Shimon Silberschlag" <shimons@bll.co.il> wrote:

> Some products that are used as content filters for the HTTP traffic
 

--
Alonso Robles
Email: kha0z@earthlink.net
Received on Thu Dec 12 20:37:51 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:46 EDT

