>Don't see how that differs from any other language. Any program, no matter what the language its written in can send you bad code from the server you have to download it from.
:shrug: Javascript is the one language where for its most popular uses, people download the code from a server on every use, and few if any other languages have that as the popular runtime mechanism.
I'd prefer it if the article were more obvious about the issue being the download-on-run mechanism rather than being titled as if the problem were the language itself.
>You also have the javascript engine/c compiler to worry about, which can of course also be malicious. Then you have the OS to worry about. ...
You could say that in any discussion about security, but I'm not sure it's really useful because it seems the implication is to give up on any security problem because perfection isn't possible.
>You could say that in any discussion about security.
Exactly. But no one does. Which is why you need to worry about all these guys pretending to know security.
Better to assume you are not secure when you mostly are, than assume you are secure when you definately are not. With baseband processors on mobile, and management engine on x64, all security is currently broken at the hardware level anyway. Major mindset shift needed to fix that.
:shrug: Javascript is the one language where for its most popular uses, people download the code from a server on every use, and few if any other languages have that as the popular runtime mechanism.
I'd prefer it if the article were more obvious about the issue being the download-on-run mechanism rather than being titled as if the problem were the language itself.
>You also have the javascript engine/c compiler to worry about, which can of course also be malicious. Then you have the OS to worry about. ...
You could say that in any discussion about security, but I'm not sure it's really useful because it seems the implication is to give up on any security problem because perfection isn't possible.