[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: REM_ote
> Until there's security oriented configurability, I can't say
> Netscape has anything better than an acceptable record. They do a
> decent job of fixing the bugs, but only if you can enfore deployment
> of a new version, and ensure that old, bad features are not used.
I guess that I have confidence in Netscape because they have a history of
responding to concerns posted here and elsewhere. Security oriented
configurability will be a good test -- I would be surprised if it doesn't
come out soon.
What are we talking about specifically when we talk about security
oriented configurability? Rather than just turning java(script) on and
off, wouldn't it be useful to piggyback off of the X.509 system that's
already in place?
For every CA's or server's cert, they'd just have to add two checkboxes:
whether or not to run java applets or javascript code from servers
vouched for by those certs. Is that what people mean when they talk
about configurability, or just the ability to shut down java*script) all
together?