-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/20/04 11:34 AM -0500, Lorenzo Prince wrote: > > Agreed. I have a very strong belief that all web page scripts should be executed > server-side with things such as php and perl scripts in shtml files. There is, > in my opinion, absolutely *no need* to force a user's browser to execute a script > to do something that can be executed server-side. Also, server-side script > execution produces standard html output, so if there is a virus or spyware in a > server-side script, it will simply backfire on the person who is using it, not > the person who is trying to view the web page. Also, server-side scripts can be > viewed by the person who needs to see them, E.G. the server administrator, who > can verify that the script is clean long before it ever even gets on the server. > And as far as I know, there is *nothing* that can be executed by a browser that > can't be executed on the server just as easily, if not more easily. While I agree with you personally, you are never going to convince most web developers to use server-side solutions for things like data verification because its more expensive in terms of bandwidth and processor time. If John Q. Public puts bad data in a form it makes more sense to produce an error before form submition than to have two unnecessary http transfers. I guess what I am trying to say is even though I don't like it javascript and its ilk are here to stay and no matter how much we bitch about it its a fact. If the text based browsers handled javascript most people (myself included) would not have a problem with javascript anymore. I don't hear all that many mozilla users complaining about the insecurity of javascript, and if they do they can turn it off. Free software that is insecure can and will be made secure with time. - -- Clarke's Corollary: Any technology distinguishable from magic is insufficiently advanced. Thomas Stivers e-mail: stivers_t at tomass.dyndns.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFADWu+5JK61UXLur0RAg99AJ9Wq97+T8GxWC1xx+Du3kj12HR51wCfebEb B8E686MEQ7D2a8pG6lYrjgk= =y4PD -----END PGP SIGNATURE-----
