incubator-flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Arno" <>
Subject RE: Signed RSL from Apache
Date Tue, 21 Feb 2012 10:19:11 GMT
> From: Haykel BEN JEMIA [] 
> Sent: 20 February 2012 16:00
> Talking about security, I think there is nothing being done to 
> prevent man-in-the-middle for JS libraries hosted by Google 
> for example, so it does not seem to be an issue even if JS is plain 
> text and easier to manipulate (I did not hear about such an attack).
>  Is the RSL issue we are talking about a real issue?

I think it's more  a case that the JavaScript community seem more /relaxed/ about security.
Such attacks are theoretically possible at least. If you are writing an application for a
bank for example that handles financial transactions, then I'd imagine even theoretical threats
have to be taken seriously.


View raw message