For all researchers out there who use the National Library of Medicine's
PubMed database:
As of March, PubMed will force all researchers to use its new
Javascript-required format,
http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?db=PubMed ,
and discontinue its current Javascript-free format
http://www.ncbi.nlm.nih.gov/PubMed/medline.html .
This change is occurring just when the CERT Coordination Center issued an
advisory (February 2, 2000) about the serious security holes that are caused
by Javascript ( http://www.cert.org/advisories/CA-2000-02.html ).
CERT Advises:
"Users may unintentionally execute scripts written by an attacker when they
follow untrusted links in web pages, mail messages, or newsgroup postings.
Users may also unknowingly execute malicious scripts when viewing dynamically
generated pages based on content provided by other users. ... Web Users
Should Disable Scripting Languages in Their Browsers: Exploiting this
vulnerability to execute code requires that some form of embedded scripting
language be enabled in the victim's browser. The most significant impact of
this vulnerability can be avoided by disabling all scripting languages."
I believe it is extremely poor policy to discontinue PubMed's Javascript-free
format, which works fine now, and force everyone into Javascript security
vulnerability. Many Web browsers will simply be unable to use PubMed; others
will be forced to violate the security policies of their sites in order to
use PubMed.
Therefore, I ask people to please send a note to PubMed,
pubmednew at ncbi.nlm.nih.gov , or
custq at customerq.nlm.nih.gov, and also cc: to
sensen09 at mail.house.gov
(Rep. F. James Sensenbrenner, Jr. (WI), Chair of the House Science
Committee),
requesting that they continue maintaining their
non-Javascript format for PubMed access.
--
======================================================================
Lee Altenberg, Ph.D.
E-mail: altenber at hawaii.edu
Web: http://dynamics.org/~altenber/
======================================================================