That is why if we want to use fancy client-side scripting, we use tcl/tk. It has always had a concept of a safe mode, which in the browser plugins is the default. Anything that access a local resource beyond mouse/keyboard/display is simply not available. The commands do not even exist in the interpreter. Of course, as a sysadmin, you 'could' allow more. Just before looking for that new job.
On Wed, 27 Aug 2003 17:45:07 -0700 Condon Thomas A KPWA <[EMAIL PROTECTED]> wrote: > Joel Hammer wrote: > > I see that vbscript can be embedded in html. > > > > Javascript was written to make it very hard to attack the client > > computer, whereas vbscript doesn't have these safeguards built in, > > does it? VBscript can do a lot of stuff, like write to your hard > > drive and run windows software. It really is a beaut. > > But we know *everybody* wants to run windows software. This is a *favor* > they are doing us. > > > It would seem like child's play to encode malicious things in vbscript > > and let the IE users get whacked. If IE somehow was protected against > > running this program, it would be easy to make a vbscript a payload > > (cool screen saver!) and then have the unlucky user click on it and > > run it. -- +����������������������������+�������������������������������+ � Roger Oberholtzer � E-mail: [EMAIL PROTECTED] � � OPQ Systems AB � WWW: http://www.opq.se/ � � Erik Dahlbergsgatan 41-43 � Phone: Int + 46 8 314223 � � 115 34 Stockholm � Mobile: Int + 46 733 621657 � � Sweden � Fax: Int + 46 8 302602 � +����������������������������+�������������������������������+ _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
