You are viewing content from a past/completed QCon -

SESSION + Live Q&A

Running third-party JavaScript

There’s a JavaScript package for everything. But installing a random package is a security nightmare: the installed package can access your data and send it over the network without anyone ever knowing.  

But there’s hope! This talk will discuss how to minimize the risks of running third-party JavaScript. We’ll go over POLA, the Principle of Least Authority, and how object capabilities can help us grant specific, limited resources to third-party code. We’ll also cover the current efforts to enforce security boundaries in JavaScript: SES (Secure ECMAScript) and Realms.


Speaker

Katelyn Sills

Software Engineer @agoric

Kate Sills is a software engineer at Agoric, building composable smart contract components in a secure subset of JavaScript. Previously, Kate has researched and written on the potential uses of smart contracts to enforce agreements and create institutions orthogonal to legal jurisdictions. Kate...

Read more
Find Katelyn Sills at:

Location

St James, 4th flr.

Track

JavaScript: Pushing the Client Beyond the Browser

Topics

Silicon ValleyJavaScriptJavaScript Libraries

Share

From the same track

SESSION + Live Q&A Node.js

Putting Node.js Serverless Apps into Production without the Pitfalls

Serverless is the new way of creating software. It means moving away from servers and leaving that to the cloud vendor. Instead, you focus on features and business value and use managed cloud services to build powerful applications. Serverless allows you to do more much faster.But there are...

Eoin Shanaghy

CTO and co-founder @fourtheorem

SESSION + Live Q&A JavaScript

Bangle.js - Creating a Smart Watch With JavaScript

Gordon will talk about how he took an off the shelf smart watch, reverse engineered it, installed a JavaScript interpreter on 400 of them and got them into the hands of the attendees at NodeConf EU. He's currently in the process of shipping another 1500 watches to Kickstarter backers.

Gordon Williams

Creator of the @Espruino

SESSION + Live Q&A Interview Available

Hello Quantum Developers World - Yet Another Frontier for JavaScript

In this talk, participants will come to know the underlying principles of Quantum Computing and how it differs from Classical Computing, how and why it is evolving so fast and how to take it from the hands of researchers and put it in the hands of developers thus making way for the so-promised...

Miguel Ramalho

MSc Student @UPorto (University of Porto)

SESSION + Live Q&A JavaScript

JS � Character Encodings

Character encodings can be confusing for every developer, providing pitfalls even for the most experienced ones, so a lot of the time we want to end up with something that “just works” without an in-depth understanding of the involved concepts. In this talk, Anna will give an overview...

Anna Henningsen

Node.js Developer

PANEL DISCUSSION + Live Q&A JavaScript

Panel: JavaScript - Is the Insanity Over?

Is JavaScript finally ready to make developers happy? Are the days of transpiling really numbered?When will the software architects in the back row finally stop laughing at us?We seem to be stuck with JavaScript. But the developer experience might just be getting better—join to us to see if...

Miguel Ramalho

MSc Student @UPorto (University of Porto)

Eoin Shanaghy

CTO and co-founder @fourtheorem

Katelyn Sills

Software Engineer @agoric

Gordon Williams

Creator of the @Espruino

View full Schedule