Jump to content

Java & JavaScript


philrodo
 Share

Recommended Posts

It's becoming obvious that the Java platform is full of security holes and the quicker it dies, the better off we'll all be.

See: http://krebsonsecurity.com/2014/04/critical-java-update-plugs-37-security-holes/

 

Is there any thinking at Vound to move Intella away from Java and onto a different programming platform? 

 

Worse, this forum requires JavaScript to run. I've disabled that from running on my primary browser and only use a secondary browser that has JavaScript enabled for a few websites that I trust, but then again this is a pain. At a minimum, can't you find forum software that doesn't require JavaScript? 

 

Best regards, Phil

 

Link to comment
Share on other sites

Phil,

 

The website you list offers very poor advice on removing "Java".  You will suffer no end of inconvenience an be no more secure.  Java is first or second most used programming language, so expect to see more of it and not less. It will have bugs  as do all other languages, platforms and devices. 

 

Again I stress the advice on that website is poorly explained (see links below)  and on a whole bad advice. The mere fact that you have to run a second browser is proof of how inconvenient his advice is. If you are intent on doing this you should think of blocking PHP sites. Those can also do harm http://php.webtutor.pl/en/2011/05/13/php-code-injection-a-simple-virus-written-in-php-and-carried-in-a-jpeg-image/

 

Please see this link... 

http://www.java.com/en/download/faq/java_javascript.xml

http://stackoverflow.com/questions/245062/whats-the-difference-between-javascript-and-java

Link to comment
Share on other sites

I should also note that the site does not follow its own advice. The site relies heavily on Java-script and worse, they use 3rd-party JS libraries and WordPress.  Wordpress is patched for security holes a lot more often than Java. 

 

Seems they can give advice but don't care to follow it..... 

 

Does your own site use Java-script ? 

 

 

Link to comment
Share on other sites

Phil,

 

The Java vulnerabilities are about possibility of writing a malicious code that may circumvent the Java security model to get an unauthorized access to the system. This mostly concerns the applets executed in a web-browser using Java plug-in. As it was pointed out in the comments to the KrebsOnSecurity article, it is enough to disable the Java plug-in in the browser to be on the safe side.

 

This does not mean any security risk for the users of regular trusted applications built on the Java platform.

 

The Java Runtime Environment distributed as a part of the Intella installer does not contain Java plug-in, so installing Intella does not compromise your system security by no means.

Link to comment
Share on other sites

 Share

×
×
  • Create New...