On 6/26/06, Paul Hill <[EMAIL PROTECTED]> wrote:

> Not exactly.  JavaScript is quite limited in what it can do and is (in
> theory) sandboxed within the browser.  e.g. no file or OS operations.


Theory v. Practice. In theory, COM is pretty cool, as I wrote in "OLE
is no Bull!" in FPA, June 1995, (Not responsible for the title!).
Implementation varied by container, causing compatibility issues, and
insecure code run inside an insecure app on an insecure OS led to,
well, insecurity.

Similarly, implementations of Javascript and AJAX have leaked files to
the OS, allowed some nasty cross-site scripting issues and were
responsible for a Yahoo! mail exploit within the fortnight:

http://www.vnunet.com/vnunet/news/2158123/worm-targets-yahoo-mail

"Secure" is not a feature, and I am not claiming any language is
"more" or "less" secure, only pointing out, as this thread started,
that AJAX and Javascript are problematic to implement as some people
will have them turned off.

--
Ted Roche
Ted Roche & Associates, LLC
http://www.tedroche.com


_______________________________________________
Post Messages to: ProFox@leafe.com
Subscription Maintenance: http://leafe.com/mailman/listinfo/profox
OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech
** All postings, unless explicitly stated otherwise, are the opinions of the 
author, and do not constitute legal or medical advice. This statement is added 
to the messages for those lawyers who are too stupid to see the obvious.
