Page 1 of 1

Browser security december 2007.

Posted: Sun Dec 09, 2007 12:11 pm
by KBleivik
Opera is indeed the safest browser in the world. You have no way of convincing Opera 8.5 to allow the JavaScript code to access a different server than the one it was loaded from.

Source: Christian Darie, Bogdan Brinzarea, Filip Chereches-Tosa and Mihai Buicica (March 2006): "AJAX and PHP. Building Responsive Web Applications" Packt Publishing page 84.

This was written in the beginning of 2006 when Opera 8.5 was the current version. Today Opera are on its full way to version 10 that surely will have advanced functionality and full support for AJAX and Web 2.0.

The Opera Browser is made by the Norwegian company with the same name. Opera also has a seamless solution for mobile surfers Opera Mini. This is important for countries in Africa and parts of Asia with no or bad connection to the internet.

KW search:
  • Browser security.
  • Cross server scripting.
  • Opera security.
  • Internet explorer security.
  • Firefox security.
  • CSS hacks
  • DOM scripting problems and Internet Explorer.
  • W3C standards and web browsers.
Sites that do not render well or at all in a browser.
An internet page is a bit stream (0,1)'s to a web browser. Web browsers interpret this bit stream differently. Web browsers also support different technologies like JavaScript (the DOM) and CSS differently. The next wave of internet sites will be XML driven. As of this writing there is no browser that fully support the important XML technologies like XPath, XPointer, XInclude, XLinks and XSL(T). The XML family of technologies are very important for semantic markup and semantic linking.

If a page does not function well in Opera, that it is a clear sign that you shall be careful with the site. First of all, if a web master does not check his pages in Opera, you can doubt the skills of this webmaster. Aside from this, it may indicate that the site has malware. Worst, if it is an ecommerce site with online payment, it may be an indication of a cross server script that tries to steal your bank account number or your credit card number. Be careful if a page does not render well in Opera.

ActiveX objects and security.
An ActiveX object is Microsoft's term for a reusable software component that provides encapsulated reusable functionality. In Internet Explorer, such objects normally give client-side scripting access to operating system facilities like the file system. I had to write this in red. If you do not see the consequences yourself, I can mention that this has great potential to corrupt and damage your system. It is one way to install key-loggers that steel your credit card number. It is one way to infiltrate your operating system and install malware, worms, Trojan horses and virus on your computer.

If this is not enough arguments for you to switch to another browser, there is a least one reason in the end of 2007 to switch to Opera. It is simply also much more secure for the sole reason that it is much harder to attack and it's market share is so small that it is not the primary target for hackers and intruders.

More JavaScript (AJAX) security.
Opera requires you to set Content-Type header of a POST request using the SetRequestHeader method. Other browsers don't require it, but it's the safest approach to take to allow for all browsers.
Source: Kevin Yank & Cameron Adams (September 2007): "Simply JavaScript" SitePoint book. Page 311.

Related links:
Web browser security summary.

Browser security by fix rate.

Google Chrome Security Vulnerabilities.

Cisco 2008 annual security report::: The invisible hacker..