| View previous topic :: View next topic |
| Author |
Message |
13kankowskik
-
Joined: 26 Oct 2005
Posts: 2
|
 Posted: Wed Oct 26, 2005 9:59 pm Post subject: http://movieworlds.no-ip.org/ |
 |
|
this is my site Enjoy it has some bugs but ill fix it :P
_________________
a host of Abyss x1 for a Movie chat room |
|
| Back to top |
    |
 |
MonkeyNation
-
Joined: 05 Feb 2005
Posts: 921
Location: Cardiff
|
| Posted: Wed Oct 26, 2005 10:29 pm Post subject: |
|
|
Not very work friendly, eh?
I perticularly like the use of apache server headers, very easy on the eyes, what with the use of that exceptionally friendly javascript.
Edit: Oh god, change it why don't you? -_-
_________________
 |
|
| Back to top |
    |
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Wed Oct 26, 2005 10:46 pm Post subject: |
|
|
It isnt at all friendly. It goes to a random CENSORED site each time. Very sad IMO.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
MonkeyNation
-
Joined: 05 Feb 2005
Posts: 921
Location: Cardiff
|
| Posted: Wed Oct 26, 2005 10:53 pm Post subject: |
|
|
| The Inquisitor wrote: | | It isnt at all friendly. It goes to a random CENSORED site each time. Very sad IMO. |
Disable javascript, like the wise ones amongst us.
_________________
|
|
| Back to top |
|
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Wed Oct 26, 2005 11:23 pm Post subject: |
|
|
Unfortunately I use javascript a lot so its out of the question. Even this forum uses it on the post editor/poster.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
MonkeyNation
-
Joined: 05 Feb 2005
Posts: 921
Location: Cardiff
|
| Posted: Wed Oct 26, 2005 11:25 pm Post subject: |
|
|
| The Inquisitor wrote: | | Unfortunately I use javascript a lot so its out of the question. Even this forum uses it on the post editor/poster. |
It's working fine for me without it.
_________________
|
|
| Back to top |
|
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Wed Oct 26, 2005 11:26 pm Post subject: |
|
|
I know, it will but the buttons at the top use it. For adding bold, italics, font colour etc. Without JS you have to put them in manually.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
MonkeyNation
-
Joined: 05 Feb 2005
Posts: 921
Location: Cardiff
|
| Posted: Wed Oct 26, 2005 11:33 pm Post subject: |
|
|
| The Inquisitor wrote: | | I know, it will but the buttons at the top use it. For adding bold, italics, font colour etc. Without JS you have to put them in manually. |
Don't use them anyway.
JavaScript isn't worth having enabled now days. Javascript mostly has annoying or malicious usages these days.
_________________
|
|
| Back to top |
|
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Wed Oct 26, 2005 11:34 pm Post subject: |
|
|
Malicious usages? Javascript cant damage any system in any way what so ever. It was designed so it couldnt. It cant modify files etc so what more can it do?
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
MonkeyNation
-
Joined: 05 Feb 2005
Posts: 921
Location: Cardiff
|
| Posted: Wed Oct 26, 2005 11:55 pm Post subject: |
|
|
| The Inquisitor wrote: | | Malicious usages? Javascript cant damage any system in any way what so ever. It was designed so it couldnt. It cant modify files etc so what more can it do? |
I wasn't referring to system damage.
For example, there was the phpbb XSS exploit a month or two ago that compromized PhpBB users who use IE, and stole their sessions. Which could destroy a forum should an administrator view the malicious code.
_________________
|
|
| Back to top |
|
|
AbyssUnderground
-
Joined: 31 Dec 2004
Posts: 3855
|
| Posted: Wed Oct 26, 2005 11:59 pm Post subject: |
|
|
Meh... I couldnt care less. All administrators should have backups. I have 3 backups so I have no worries.
_________________
Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Thu Oct 27, 2005 12:52 am Post subject: |
|
|
| The Inquisitor wrote: | | Unfortunately I use javascript a lot so its out of the question. Even this forum uses it on the post editor/poster. |
If you're generally a Firefox user, have a look at the NoScript extension... It's a whitelist based approach to allowing Javascript rather than a blanket allow/deny.
http://www.noscript.net/
_________________
"Invent an idiot proof webserver and they'll invent a better idiot..." |
|
| Back to top |
|
|
MonkeyNation
-
Joined: 05 Feb 2005
Posts: 921
Location: Cardiff
|
| Posted: Thu Oct 27, 2005 1:32 am Post subject: |
|
|
| Anonymoose wrote: | | The Inquisitor wrote: | | Unfortunately I use javascript a lot so its out of the question. Even this forum uses it on the post editor/poster. |
If you're generally a Firefox user, have a look at the NoScript extension... It's a whitelist based approach to allowing Javascript rather than a blanket allow/deny.
http://www.noscript.net/ |
Worship it allready.
_________________
|
|
| Back to top |
|
|
roganty
-
Joined: 08 Jun 2004
Posts: 357
Location: Bristol, UK
|
| Posted: Thu Oct 27, 2005 10:33 pm Post subject: |
|
|
| The Inquisitor wrote: | | Malicious usages? Javascript cant damage any system in any way what so ever. It was designed so it couldnt. It cant modify files etc so what more can it do? |
http://www.finjan.com/SecurityLab/SecurityTestingCenter/
on that page you will find a simple game. in the background javascript is running on your system making changes to a couple of your files.
actually it just copies the contents of "My Documents" to a folder on the desktop
_________________
Anthony R
Roganty | Links-Links.co.uk |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Thu Oct 27, 2005 11:29 pm Post subject: |
|
|
There's also a big difference between running javascript in a browser and manually executing a javascript on your local system - two completely different security contexts. Javascript in the browser should be sandboxed, if you run a local javascript it's the same as running a VBS, BAT file or whatever - no suprises if it manages to copy files...
| Code: |
var fso, fldr, f1, shell, path, objNet, text1, text2, text3, text4, text5, text6;
var DeskPath, MyDocPath, FavoritePath, CurrentFolder, fc,You;
fso = new ActiveXObject("Scripting.FileSystemObject");
shell = new ActiveXObject("WScript.Shell");
objNet = new ActiveXObject( "WScript.Network" )
DeskPath = shell.SpecialFolders("Desktop");
MyDocPath = shell.SpecialFolders("MyDocuments");
FavoritePath = shell.SpecialFolders("Favorites");
|
Oh no! Code that uses filesystem objects could access my filesystem when I manually download and run it! Quel suprise?
_________________
"Invent an idiot proof webserver and they'll invent a better idiot..." |
|
| Back to top |
|
|
|
