[development] jQuery 1.2 is released

D G dmitrig01 at gmail.com
Sat Sep 15 15:59:41 UTC 2007


Why not include an MD5 hash in the DB? When you first download the
javascript, it takes an MD5 hash of the file(s) and stores them in the
database.  Every cron, it checks.  If they are not the same, it
re-downloads.

On 9/15/07, Earl Miles <merlin at logrus.com> wrote:
>
> David Metzler wrote:
> > That's a bit unfair.  I was talking about the risk of compromising the
> > site and operating system protection etc.   I thought we were having a
> > discussion about risk vs. benefit, and I was trying to make a point that
> > compromised javascript code does not have the same risk factor as
> > compromised php code.   Particularly if you're talking about the ability
> > to propagate from host to host, etc. Some in this thread seemed to be
> > implying that this was the same level of risk.
> >
> > Javascript operates in a security sandbox.  PHP doesn't.
>
> Compromised javascript can do things like install invisible key loggers
> that send your keystrokes to some unknown location and steal whatever it
> is you enter into it.
>
> Hope you don't visit your financial website and enter your password
> after visiting your harmless-but-compromised javascript site.
>
> (Thanks to Rasmus for his presentation at OSCMS Summit for that tidbit.)
>
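The check proposed at the top of this message, as an added example (not code from the thread or from Drupal): `ScriptStore`, `install`, `cron_check` and the in-memory dicts are hypothetical stand-ins for the site's files and its database table, and SHA-256 is used in place of MD5. It goes one step beyond the message by also handling a re-download that does not match the recorded hash.

```python
import hashlib


def digest(data: bytes) -> str:
    # SHA-256 used here instead of the MD5 named in the message (assumption).
    return hashlib.sha256(data).hexdigest()


class ScriptStore:
    """Hypothetical stand-in for the site's script files and the DB hash table."""

    def __init__(self, fetch):
        self.fetch = fetch   # callable(name) -> bytes; the download step
        self.files = {}      # name -> bytes currently served by the site
        self.hashes = {}     # name -> hex digest recorded at first download

    def install(self, name):
        data = self.fetch(name)
        self.files[name] = data
        self.hashes[name] = digest(data)

    def cron_check(self, name):
        """Run on every cron; returns 'ok', 'restored' or 'quarantined'."""
        expected = self.hashes[name]
        if digest(self.files.get(name, b"")) == expected:
            return "ok"
        fresh = self.fetch(name)
        if digest(fresh) == expected:
            self.files[name] = fresh      # local copy was altered; restore it
            return "restored"
        # The re-download does not match the baseline either: stop serving the
        # file and keep the recorded hash, so an admin has to re-approve it.
        self.files.pop(name, None)
        return "quarantined"


if __name__ == "__main__":
    upstream = {"jquery.js": b"/* constructed sample */ function $(){}"}
    store = ScriptStore(lambda name: upstream[name])
    store.install("jquery.js")
    print(store.cron_check("jquery.js"))            # unchanged file
    store.files["jquery.js"] = b"/* tampered */"
    print(store.cron_check("jquery.js"))            # restored from upstream
    upstream["jquery.js"] = b"/* changed upstream */"
    store.files["jquery.js"] = b"/* tampered */"
    print(store.cron_check("jquery.js"))            # neither copy matches
```

The recorded hash only vouches for whatever was fetched at install time, so a download that was already altered at that point passes every later check.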