On Tue, 20 Jan 2004, Lorenzo Prince wrote: > The famous speaker who no one had heard of said: > > Another thing that contributes to the proliferation of this malware is > > the use of active content in web pages and e-mails. Hence HTML mail > > is evil! Another big reason to hate javascript. Those scripts can be > > used to launch local code on your machine to do God knows what and we > > can't look at a lot of it because it is secret proprietary code. > > Correction: the HTML stuff can often be looked at locally offline but > > I think that flash stuff is protected. Stick to text-only web and > > e-mail and those outlets will never spy on you. > > Agreed. I have a very strong belief that all web page scripts should be executed > server-side with things such as php and perl scripts in shtml files. There is, > in my opinion, absolutely *no need* to force a user's browser to execute a script > to do something that can be executed server-side. Also, server-side script > execution produces standard html output, so if there is a virus or spyware in a > server-side script, it will simply backfire on the person who is using it, not > the person who is trying to view the web page. Also, server-side scripts can be > viewed by the person who needs to see them, E.G. the server administrator, who > can verify that the script is clean long before it ever even gets on the server. > And as far as I know, there is *nothing* that can be executed by a browser that > can't be executed on the server just as easily, if not more easily. Problem is, companies have come to the conclusion that they can save on hardware if they do this, as they don't need the processing power and memory to run those scripts on the server, and of course it means they can do stuff with pages that look neat, even if they don't have any/much practical value. Cheers. -- Toby Fisher Email: toby at tjfisher.co.uk Tel.: +44(0)1480 417272 Mobile: +44(0)7974 363239 ICQ: #61744808 Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html
