We are currently having discussions at our site as to whether or not to
allow Java and/or Java script into our network. In the past we'd decided
not to allow it based on security concerns we'd read about and
discussions I'd seen on this topic coming from this list. This decision
is being re-hashed again because some folks believe that there are no
reasons for Java/Java Script security concerns.
I really don't know a lot about Java/Java Script so I'm wondering if some
of you would be willing to answer the following questions for me:
1. What security concerns are there with letting Java into your
2. What security concerns are there with letting Java Script
into your network?
3. What are some examples of what can be done with Java to
compromise your network?
4. What are some examples of what can be done with Java Script
to compromise your network?
I'm also being asked to provide materials discussing these security risks
from an authoritative source such as CIAC. If you could point me to some
good sources of information published by authoritative sources that would
be very helpful.