Can We Fix the Web?
InternetNews.com (03/20/08) Kerner, Sean Michael
During a keynote speech at the AjaxWorld conference, Douglas Crockford, creator of JavaScript Object Notation and a senior JavaScript architect at Yahoo, said the Web is in serious trouble, and the question is no longer whether we should fix it, but whether we can. Crockford said browsers were not designed to do "all of this Ajax stuff," and Ajax only works because people have found ways to make it work despite its limitations. "The number one problem with the Web is security," Crockford said. "The browser is not a safe programming environment. It is inherently insecure." Part of the problem is what Crockford called the "Turducken problem": people are trying to stuff the turkey with the duck. Crockford said the many programming languages on the Web can be built inside each other, which can lead to problems. Crockford argued that these are not Web 2.0 problems; they were present in Netscape 2.0 in 1995. The security problems are based on three core items, Crockford said: JavaScript, the DOM (document object model), and cookies. Crockford said JavaScript's global object is the root cause of all cross-site scripting attacks, the DOM is problematic because all nodes are linked to all other nodes on a network, creating an insecure model, and cookies can be misused as tokens for authority. Crockford also blamed browser vendors for introducing new insecure JavaScript features, and said that ultimately JavaScript needs to be replaced with a secure language.