Security Basics mailing list archives
Re: JavaScript Timeout Setting
From: Todd Haverkos <infosec () haverkos com>
Date: Thu, 18 Aug 2011 11:37:23 -0500
infosecsmith () s mintemail com writes:
I was curious what you think about setting this option in Internet Explorer. http://support.microsoft.com/kb/175500 Because some scripts may take an excessive amount of time to run, Internet Explorer prompts the user to decide whether they would like to continue running the slow script. Some tests and benchmarks may use scripts that take a long time to run and may want to increase the amount of time before the message box appears. In Internet Explorer, the script time-out value can be changed on specific client machines by modifying a registry entry. To change this time-out value in Internet Explorer 4.0, 5.0, 6, 7, or 8, follow these steps: 1. Using a Registry Editor such as Regedt32.exe, open this key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles *Note* If the Styles key is not present, create a new key that is called Styles. 2. Create a new DWORD value called "MaxScriptStatements" under this key and set the value to the desired number of script statements. If you are unsure of what value you need to set this to, you can set it to a DWORD value of 0xFFFFFFFF to completely avoid the dialog. My thoughts would be its acceptable to extend the Time Out, but not to completely disable it. Thoughts?
I'd hesitate to recommend this generally as sometimes it's anomalies like this that are the only symptoms that lead a user to report workstation problems that lead to discovery of an infection that other endpoint protections have entirely missed. On an exception basis, sure-- if there's a very specific site or tool that when tested across a number of known clean machines causes this issue and gets in the way of getting work done, I can't see much harm in increasing this. But I certainly wouldn't rush to extend this across an enterprise, and I agree with you that disabling it is best avoided. On the other hand, an alternate browser might be another way to skin the same cat. If it's bulky Javascript you're running, for example, Chrome seems to rule the roost at present. -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- JavaScript Timeout Setting infosecsmith (Aug 18)
- Re: JavaScript Timeout Setting Todd Haverkos (Aug 18)
- <Possible follow-ups>
- Re: JavaScript Timeout Setting Sandeep Cheema (Aug 18)