Search Mailing List Archives
[liberationtech] [tor-talk] Programming language for anonymity network
vitteaymeric at gmail.com
Fri Apr 18 02:54:00 PDT 2014
Redefining anything in js is visible as "your nose on your face", as
well as importing silently anything, whatever obfuscation/minification
means are used it's trivial to check.
But here you do not have necessarly to import things and/or libraries,
you can package everything with your app so you control your package and
nothing can come from the outside or be injected.
Node is not an enormous platform with tons of dependencies, easy to check.
You should bring node to FF OS :-)
Le 18/04/2014 11:34, David Rajchenbach-Teller a écrit :
> On 18/04/14 11:30, Aymeric Vitte wrote:
>> - nodejs is easy to audit (assuming that modules like V8 can be
>> audited), you can override node's functions/objects if you like
> Actually, in my mind, that's one point against safety of Node.js
> applications. Redefining, say, Array.prototype.forEach is a good way to
> introduce hard-to-track bugs. Doubly so if this is done silently by
> importing a package (almost sure the latter is possible, but I haven't
> actually checked).
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the liberationtech