JavaScript, Jscript, or VBScript.

Posted on 2006-04-13
Last Modified: 2012-05-05
JavaScript, Jscript, or VBScript. which one is more secure if I want to make question for user to answer
Question by:teera
    LVL 12

    Assisted Solution

    None of them are secure; they are all equally as bad as each other.

    Author Comment

    Hi GinEric
    Can you show me why all of them are not secure ? Did you have any solution that more secure
    Thank you
    LVL 9

    Assisted Solution

    JavaScript and JScript are the same thing (the "J" in JScript is for Java).  As for security... no programming (or scripting) language is any more secure than another; it's up to the programmer (lousy, unsecure code is lousy, unsecure code if any language).

    Scripting languages are a bit more unsecure in that you see all of the code (just open the script in a text editor) which can give a hacker/attacker more insight into your system.  However, at least on an MS platform, you can encrypt your scripts.

    LVL 32

    Assisted Solution

    Secure from what?
    Do you want to secure your code from theft?
    Maybe to secure the user from mitm attacks and code injection?
    Are you after a language that runs in a sandbox and is forgiving to programmer error?
    Do you want to block user modifications to your code to secure the application?

    LVL 12

    Accepted Solution

    "Can you show me why all of them are not secure ? Did you have any solution that more secure"

    In addition to what jjoseph_x says about all code being insecure, it's simle: they have all been broken into.

    There is a solution in hardware and Intel, AMD, and Citrix are just getting around to something Motorola and mainframes have had for a long time: Control Mode Operators.  One would have to replace the Operating System itself to execute these special operators, and event whose probability is similar to cracking above 1024 encryption, next to impossible.

    But the tiers will remain, machine=hard to break into unless you know machine code, compiled code=hard to break into unless you know compiled sources and defines [which a lot of people do], interpretors=the easiest to break into because even simple experimentation reveals even encryption.  It is very easy to reverse engineer scripts, even if they are encoded, by simple trial and error.

    cookies are insecure, and hackers have it down to now simply visiting a web page to infect your computer.

    As a test question, the "which one is more secure" is non sequitar; it can be shown that on any ocassion any one of them can be more breakable than any other; it's a mathematical randomness event that equates them all without further need for analysis.  So, the question is moot and the only true answer is that all of them are equally insecure.

    Security is simply defined as the ability to prevent anyone from doing anything to your computer that you would not want them to do; this covers all the sub-securities listed by shalomc.  Mostly, we accept "secure" as "not being able to break into."  That's also pretty good too, since a secured area is one that is off limits to all but authorized personnel, which fits well with my first definition.

    The scripts [interpretors], by the way, can be enhanced, monitored, and controlled by the Special Operators of the hardware design.  There are techniques to automatically "guess" at the legitimacy of what a process may be doing.  For Example, a process running more than even 40% of cpu time should be suspect, even if not as a virus or malware, certainly as very badly written code.

    After 80% of cpu time for a single program or process, your machine is officially "thrashing" and you've lost control of your machine; again, malware or badly written code.  Too much swap time?  Same.  Too much RAM occupied?  Same thing.  Everything follows mathematics and the basic one over the square root of two point of optimal efficiency based on the Power Series.  That boils down to 0.707 or 70% of maximum.  This is called RMS or Root Mean Square.  It is the point of maximum energy transfer and this applies to a lot more than just electromagnetic energy, it also applies to statistics [information].

    So that too is monitored by modern hardware operators, if, and only if, you know that these operators exist and how to implement them.

    Your scripts and Operating System must be compliant with that first for the scripts to attain reasonable security.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    758 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    9 Experts available now in Live!

    Get 1:1 Help Now