Because current technology still favors functional enhancement as the main thinking, the instruction code tends to be complex, which is prone to more security vulnerabilities and loses the flexibility to adjust the architecture in quick response to attacks.
Douglas Crockford, an architect at Yahoo! who is an important promoter of Javascript network technology, said that the current technical thinking of web development still focuses on the improvement of multimedia functions or browsing performance, and security should be the first priority in the future.
Crockford is currently a senior JavaScript architect at Yahoo!, responsible for the architectural design of YUI (Yahoo! User Interface), and serves as a member of the ECMA JavaScript 2.0 Technical Committee. He is a master figure in the JavaScript development community. This time he was invited to Taiwan to participate in OSDC (Open Source Developer's Conference Taiwan) gave a special speech to introduce the development of ECMA JavaScript to domestic developers.
When Crockford explained the development of network technology to the media, he pointed out that the current network technology still adheres to the past thinking, and web development technology still focuses on functional enhancement and improvement of web browsing performance. Although it has enhanced the richness of network development, it has not included network security. As a result of being prioritized as a development priority, cybersecurity incidents continue to occur.
Continuing the result of past network development thinking, today's network technology emphasizes powerful interaction and multimedia functions, but it also allows the rise of some attack methods. Taking XSS (Cross-Site Scripting) as an example, due to the embedded scripts from multiple different sources, it is easy to Hackers use the instruction set to take advantage of the vulnerability and steal data from the client computer.
Although there are new technologies, such as Caja promoted by Google, to prevent XSS cross-site attacks, the overall technology development direction is still towards improving functionality and performance.
Taking HTML 5 technology as an example, Crockford said that although HTML5 adds many functions, it makes the entire script larger and more complex, making it prone to vulnerabilities and being attacked. In addition, it supports access to terminal data on users’ computers and mobile phones. Expanding the security risk of data theft to mobile phones, the result is too large and complex, and it is difficult to adapt to the ever-changing attack methods, which may easily lead to security risks in the long run.
Regarding the current speed competition among browser manufacturers, they have strengthened JavaScript engines to speed up web browsing, claiming to be the fastest browsing speed. He believes that although it is a good thing for browsers to speed up web browsing, the improvement methods are limited, only 5 to 10%. The terminal browser part is accelerated. If the server side can be improved at the same time, the acceleration effect will be greater.
Regarding the new standard ECMA Script 5 being formulated, he is optimistic that it will become the main network development standard in the future. Although Apple and Chrome are not yet clear, IE, FireFox, and Opera are all leaning towards ECMA Script 5. We should see new ones this year. Browser application.