On Mon, Dec 19, 2005 at 08:12:13PM -0600, John Jolet wrote:
> and your pick for client-side portable code is???

Client-side code is inherently risky. The website is executing a program on your machine. It's not that much different from allowing people to telnet on to your machine anonymously and run programs. You face similar privilege-escalation attacks. And Windows boxes are being "administered" (if you can call it that) by computer-illiterate Joe Sixpack, not his geeky cousin Joe Sysadmin.

Sure, Java started out from square 1 with a "sandbox" or "Virtual Machine". That didn't stop vulnerabilities from showing up in Java. Netscape's Livescript (damn the @##holes for renaming it Javascript) started off with so little power that the attitude was "Sandbox? We don't need no steenkin sandbox.". As Javascript's power grew, that decision has come back to bite, especially on Windows, but there have been a few multi-platform security bugs.

--
Walter Dnes <[EMAIL PROTECTED]> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca

--
gentoo-user@gentoo.org mailing list