Hi John,
On Thu, Aug 29, 2002 at 03:58:56PM +0800, John Summerfield wrote:
> On Thu, 29 Aug 2002 15:26, Toni Mueller wrote:
> > in general, allowing JS is a per-client setting that you don't
> > control from the server. So if the client has to use different
> > sites and need to trust only your server, he has to go to his
> > preference settings and turn JS on and off all the time, depending
> > on the next link he's going to visit (knowingly?). Net result:
> > JS is only near feasible in an Intranet where you control the
> > client platforms and the JS injected into the network from
> > A-Z, and that's probably not the most common situation to begin
> > with.
>
> I was querying the assertion there is a security problem. You're talking about
> convenience, another matter.
I wanted to say that there is the problem that there are hazardous
sources of JS, and that users who, umm, let's say, feel that it's
required for SL, may feel the need to turn it on and off constantly
(which is only too easy to forget or to do wrongly).
> Nothing I said suggests that js should be _required_, only that it should be
> _available_ for anyone who wants to use it, and that it should be a
> capability not tied to any browser. I also pointed out that some with
> js-capable browsers will choose to turn it off, and that browsers that now
> can't handle js may do so in the future.
Ok- here I probably misread you. The constant pounding of some
people to have more DHTML as it seems is annoying, imho.
Personally, I'd also like to see other items on the TODO list
more than I want DHTML which I think is not only a PITA, but
also prone to usurp all available developer time.
> I have no problem with the notion that js from some sources may be hazardous,
> but I don't see how js sourced from SL could be thought to be unsafe.
I also didn't say, or at least didn't want to say, that JS code
coming from a SL site should be regarded as hazardous. Only _if_
you turn it on to enjoy a richer user interface and then inadvertently
"go astray" out on the Internet, possibly hitting a malware site,
then it may be time to be sorry.
> Microsoft's most solid OS: http://www.geocities.com/rcwoolley/
:-)
Best,
--Toni++
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
-------------------------------------------------------
(un)subscribe: http://lists.sourceforge.net/lists/listinfo/sql-ledger-users
Archive: http://www.mail-archive.com/[email protected]/
