Active-X, JAVA, Javascript, etc....

Marc Salomon marc at ckm.ucsf.edu
Tue Oct 29 18:34:37 EST 1996


Mark Wilcox <WILCOX at lis.unt.edu>
|JAVAscript is about as secure as your going to get and is pretty easy
|to use. It's not nearly as powerful as either JAVA or Active-X but it
|does come in handy.

The one person from Netscape who ever answered my e-mail told me that
javascript was a quick hack that he slipped into one of the 2.x releases just
prior to shipping.  Not very well thought out.

I've heard that javascript, early on at least, allowed for the perusal of a
local filesystem triggered by loading a WWW page, results of which could be
sent back across the network with a POSTed form.

|It has many security features built in  for running on a network but like any
|fortress it can be defeated.

Like any fortress it excels at one task, defense, while ignoring most other,
more mundane tasks.  The security features that you point out are there because
the language has been lobotomized, on the net implementation, at least.

Much of what was written in this post could have been lifted verbatim from
press releases of the corporations that promote those packages.

|The way I look at it, yes there is danger in what someone might
|create but I think the enormous potential for what these technologies
|could do outweighs the bad.

Security must be a function of what you're trying to protect.  Different
degrees of paranoia are required to achieve a certain degree of risk to protect
 resources of differing value.  The forces driving the WWW standards (if you
can call them that) at this point aim for a one-size-fits all, mass-market
solution that doesn't work too well with a heterogeneous environment.

You have but two choices on the client side for each mobile code system:  turn
it on or off.

-marc

-- 


More information about the Web4lib mailing list