In this new age of Ajax / Web 2.0, is anyone still blocking Javascript at the perimeter or disabling it in the browser?? I remember when this was a significant issue…and it may still be one. It seems like the advantages (perceived or not) of real time page updates provided by Ajax are out weighing the security risks of Javascript.
The reason I ask is that I installed a new Fortinet UTM at a customer site yesterday. When I was setting up the protection profile I could block Javascript, ActiveX and Cookies.
–Chris
Technorati Tags: Javascript, security, Ajax, Fortinet, UTM
January 6th, 2008 at 10:32 pm
NoScript here. Never can be too careful — and there are still ways around it..
January 7th, 2008 at 5:44 am
I surf using the NoScript plugin for Firefox which blocks all javascript by default on a page.
It causes the odd problem with payment systems which redirect to other domains, but it’s well worth I think, especially when you see the list of domains that some sites load active content from!