Web Shaders and Security

Hi all,

I wanted to mess around with the new shader's. I noticed my browsers webgl setting was off by default. Not knowing how to activate it, I searched the net for "how to's" on activating it. I noticed a lot of articles claiming that enabling the shader's would leave your computer vulnerable to different sorts of threats, and should not be used while surfing the net for other purposes. Does anyone know anything more about these claims?

WebGL is disabled if you don't have an up-to-date graphics card driver, so try updating them.

WebGL has been designed to be secure from the very start. I've read the WebGL specification and it mandates strict handling of memory and buffers explicitly to prevent security issues. I'm not aware of any actual security flaws that have ever been used to compromise anyone's computer.

Microsoft hired a security firm to write about "security flaws" in WebGL, which was widely panned as hypocritical and misleading. The report simply exposed a Firefox bug which was quickly fixed, so the security problem could not be exploited any more, and usual practice in the industry is to report security issues privately to allow the vendor time to fix them, but they just went public immediately. Microsoft also support 3D in their Silverlight plugin, Adobe Flash supports 3D as well, and the Unity3D plugin supports 3D access, and they all do pretty much exactly the same thing as WebGL. So if Microsoft was serious about security issues in 3D features, they would stop supporting Silverlight, Flash, and Unity3D. They still keep supporting them though. Perhaps Microsoft just don't like WebGL because it is based on OpenGL, which is a competitor to Microsoft's DirectX.

In short, it's all nonsense spread for political reasons.

Hey Ashley!

Thanks for clearing that up for me. It can be an extremely daunting task trying to sort the truth from the horsey poo poo on the net these days.

Now I'm a little behind on trying them out... I'd better get busy (before the brown dwarf arrives).