A topic of concern in Linux
Lorenzo Prince
lorenzo at prince.homelinux.org
Tue Jan 20 11:34:52 EST 2004
The famous speaker who no one had heard of said:
> Another thing that contributes to the proliferation of this malware is
> the use of active content in web pages and e-mails. Hence HTML mail
> is evil! Another big reason to hate javascript. Those scripts can be
> used to launch local code on your machine to do God knows what and we
> can't look at a lot of it because it is secret proprietary code.
> Correction: the HTML stuff can often be looked at locally offline but
> I think that flash stuff is protected. Stick to text-only web and
> e-mail and those outlets will never spy on you.
Agreed. I have a very strong belief that all web page scripts should be executed
server-side with things such as php and perl scripts in shtml files. There is,
in my opinion, absolutely *no need* to force a user's browser to execute a script
to do something that can be executed server-side. Also, server-side script
execution produces standard html output, so if there is a virus or spyware in a
server-side script, it will simply backfire on the person who is using it, not
the person who is trying to view the web page. Also, server-side scripts can be
viewed by the person who needs to see them, E.G. the server administrator, who
can verify that the script is clean long before it ever even gets on the server.
And as far as I know, there is *nothing* that can be executed by a browser that
can't be executed on the server just as easily, if not more easily.
Just my $0.02. Put it in the bank and enoy. ;)
PRINCE
More information about the Speakup
mailing list