[tor-talk] Programming language for anonymity network
Aymeric Vitte
vitteaymeric at gmail.com
Fri Apr 18 09:54:00 UTC 2014
Redefining anything in JS is as visible as "the nose on your face", as
is silently importing anything; whatever obfuscation/minification
means are used, it's trivial to check.
But here you do not necessarily have to import things and/or libraries;
you can package everything with your app, so you control your package and
nothing can come from the outside or be injected.
Node is not an enormous platform with tons of dependencies; it is easy to check.
My opinion...
You should bring node to FF OS :-)
Regards
Aymeric
On 18/04/2014 11:34, David Rajchenbach-Teller wrote:
> On 18/04/14 11:30, Aymeric Vitte wrote:
> [...]
>> - nodejs is easy to audit (assuming that modules like V8 can be
>> audited), you can override node's functions/objects if you like
> [...]
>
> Actually, in my mind, that's one point against safety of Node.js
> applications. Redefining, say, Array.prototype.forEach is a good way to
> introduce hard-to-track bugs. Doubly so if this is done silently by
> importing a package (almost sure the latter is possible, but I haven't
> actually checked).
>
> Cheers,
> David
>
>
>
--
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
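
An added example, not part of the original thread and not node-Tor code: one way to check for the redefinition of built-ins such as `Array.prototype.forEach` discussed above, by snapshotting built-in function references before third-party code loads and diffing afterwards. All function names here are hypothetical, and `loadPatchingPackage` is a constructed stand-in for a package that patches built-ins on import.

```javascript
// Built-ins to watch; extend with whatever the application relies on.
const WATCHED = { Array, Object, Function, String, Promise, JSON };
// Record every function-valued own property of each watched object and its
// prototype. Call this BEFORE any third-party code is loaded.
function snapshotBuiltins(watched = WATCHED) {
  const snap = new Map();
  for (const [name, obj] of Object.entries(watched)) {
    for (const [label, target] of [[name, obj], [`${name}.prototype`, obj.prototype]]) {
      if (!target) continue; // JSON has no .prototype
      for (const key of Reflect.ownKeys(target)) {
        const desc = Object.getOwnPropertyDescriptor(target, key);
        if (typeof desc.value !== 'function') continue; // skips accessors and plain data
        snap.set(`${label}.${String(key)}`, { target, key, fn: desc.value });
      }
    }
  }
  return snap;
}

// Diff the live built-ins against the snapshot: replaced, removed or added functions.
function diffBuiltins(snap, watched = WATCHED) {
  const findings = [];
  for (const [path, { target, key, fn }] of snap) {
    const desc = Object.getOwnPropertyDescriptor(target, key);
    if (!desc) findings.push({ path, change: 'removed' });
    else if (desc.value !== fn) findings.push({ path, change: 'replaced' });
  }
  for (const path of snapshotBuiltins(watched).keys()) {
    if (!snap.has(path)) findings.push({ path, change: 'added' });
  }
  return findings;
}

// Constructed stand-in for a package that patches built-ins when loaded.
function loadPatchingPackage() {
  const original = Array.prototype.forEach;
  Array.prototype.forEach = function (cb, thisArg) { return original.call(this, cb, thisArg); };
  Array.prototype.last = function () { return this[this.length - 1]; };
  return () => { Array.prototype.forEach = original; delete Array.prototype.last; };
}

function demo() {
  const before = snapshotBuiltins();
  const restore = loadPatchingPackage(); // in a real app: require() of the dependency
  const findings = diffBuiltins(before);
  restore();
  return findings;
}
console.log(demo());
```

The snapshot only sees changes made after it was taken, so it has to run before the first third-party `require`, and it covers only the objects listed in `WATCHED`.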