Thomas Stivers stivers_t at tomass.dyndns.org
Tue Jan 20 12:56:14 EST 2004

On 01/20/04 11:34 AM -0500, Lorenzo Prince wrote:
> Agreed.  I have a very strong belief that all web page scripts should be executed
> server-side with things such as PHP and Perl scripts in shtml files.  There is,
> in my opinion, absolutely *no need* to force a user's browser to execute a script
> to do something that can be executed server-side.  Also, server-side script
> execution produces standard HTML output, so if there is a virus or spyware in a
> server-side script, it will simply backfire on the person who is using it, not
> the person who is trying to view the web page.  Also, server-side scripts can be
> viewed by the person who needs to see them, e.g. the server administrator, who
> can verify that the script is clean long before it ever even gets on the server.
> And as far as I know, there is *nothing* that can be executed by a browser that
> can't be executed on the server just as easily, if not more easily.

While I agree with you personally, you are never going to convince most
web developers to use server-side solutions for things like data
verification because it's more expensive in terms of bandwidth and
processor time. If John Q. Public puts bad data in a form, it makes more
sense to produce an error before form submission than to have two
unnecessary HTTP transfers.

I guess what I am trying to say is, even though I don't like it,
JavaScript and its ilk are here to stay, and no matter how much we bitch
about it, it's a fact. If the text-based browsers handled JavaScript, most
people (myself included) would not have a problem with JavaScript
anymore. I don't hear all that many Mozilla users complaining about the
insecurity of JavaScript, and if they do, they can turn it off. Free
software that is insecure can and will be made secure with time.

