JavaScript, Jscript, or VBScript.

Posted on 2006-04-13
Medium Priority
Last Modified: 2012-05-05
JavaScript, Jscript, or VBScript. which one is more secure if I want to make question for user to answer
Question by:teera
LVL 12

Assisted Solution

GinEric earned 600 total points
ID: 16454453
None of them are secure; they are all equally as bad as each other.

Author Comment

ID: 16458616
Hi GinEric
Can you show me why all of them are not secure ? Did you have any solution that more secure
Thank you

Assisted Solution

jjoseph_x earned 400 total points
ID: 16458898
JavaScript and JScript are the same thing (the "J" in JScript is for Java).  As for security... no programming (or scripting) language is any more secure than another; it's up to the programmer (lousy, unsecure code is lousy, unsecure code if any language).

Scripting languages are a bit more unsecure in that you see all of the code (just open the script in a text editor) which can give a hacker/attacker more insight into your system.  However, at least on an MS platform, you can encrypt your scripts.

LVL 33

Assisted Solution

shalomc earned 400 total points
ID: 16464618
Secure from what?
Do you want to secure your code from theft?
Maybe to secure the user from mitm attacks and code injection?
Are you after a language that runs in a sandbox and is forgiving to programmer error?
Do you want to block user modifications to your code to secure the application?

LVL 12

Accepted Solution

GinEric earned 600 total points
ID: 16473857
"Can you show me why all of them are not secure ? Did you have any solution that more secure"

In addition to what jjoseph_x says about all code being insecure, it's simle: they have all been broken into.

There is a solution in hardware and Intel, AMD, and Citrix are just getting around to something Motorola and mainframes have had for a long time: Control Mode Operators.  One would have to replace the Operating System itself to execute these special operators, and event whose probability is similar to cracking above 1024 encryption, next to impossible.

But the tiers will remain, machine=hard to break into unless you know machine code, compiled code=hard to break into unless you know compiled sources and defines [which a lot of people do], interpretors=the easiest to break into because even simple experimentation reveals even encryption.  It is very easy to reverse engineer scripts, even if they are encoded, by simple trial and error.

cookies are insecure, and hackers have it down to now simply visiting a web page to infect your computer.

As a test question, the "which one is more secure" is non sequitar; it can be shown that on any ocassion any one of them can be more breakable than any other; it's a mathematical randomness event that equates them all without further need for analysis.  So, the question is moot and the only true answer is that all of them are equally insecure.

Security is simply defined as the ability to prevent anyone from doing anything to your computer that you would not want them to do; this covers all the sub-securities listed by shalomc.  Mostly, we accept "secure" as "not being able to break into."  That's also pretty good too, since a secured area is one that is off limits to all but authorized personnel, which fits well with my first definition.

The scripts [interpretors], by the way, can be enhanced, monitored, and controlled by the Special Operators of the hardware design.  There are techniques to automatically "guess" at the legitimacy of what a process may be doing.  For Example, a process running more than even 40% of cpu time should be suspect, even if not as a virus or malware, certainly as very badly written code.

After 80% of cpu time for a single program or process, your machine is officially "thrashing" and you've lost control of your machine; again, malware or badly written code.  Too much swap time?  Same.  Too much RAM occupied?  Same thing.  Everything follows mathematics and the basic one over the square root of two point of optimal efficiency based on the Power Series.  That boils down to 0.707 or 70% of maximum.  This is called RMS or Root Mean Square.  It is the point of maximum energy transfer and this applies to a lot more than just electromagnetic energy, it also applies to statistics [information].

So that too is monitored by modern hardware operators, if, and only if, you know that these operators exist and how to implement them.

Your scripts and Operating System must be compliant with that first for the scripts to attain reasonable security.

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question