CERT Advisory CA-2000-02

Thomas Dowling tdowling at ohiolink.edu
Thu Feb 3 09:49:13 EST 2000


W4L--

CERT has issued an advisory about security issues for web sites that
created dynamic output based on user input, such as message boards or chat
pages.  http://www.cert.org/advisories/CA-2000-02.html

What you probably want to be aware of is the recommended solution: "Web
Users Should Disable Scripting Languages in Their Browser".  As someone
who surfs with scripting off by default, I can tell you a lot of sites
with JavaScript infatuation completely fall apart with scripting off.
This might be a good time to check your <NOSCRIPT> elements.

[List members who've endured my kvetching in the past will recall that
scriptless usability is also a priority 1 checkpoint in the Web Content
Accessibility Guidelines, so you'll be killing two birds with one stone.]

Thomas Dowling
OhioLINK - Ohio Library and Information Network
tdowling at ohiolink.edu




More information about the Web4lib mailing list