A topic of concern in Linux
stivers_t at tomass.dyndns.org
Tue Jan 20 12:56:14 EST 2004
-----BEGIN PGP SIGNED MESSAGE-----
On 01/20/04 11:34 AM -0500, Lorenzo Prince wrote:
> Agreed. I have a very strong belief that all web page scripts should be executed
> server-side with things such as php and perl scripts in shtml files. There is,
> in my opinion, absolutely *no need* to force a user's browser to execute a script
> to do something that can be executed server-side. Also, server-side script
> execution produces standard html output, so if there is a virus or spyware in a
> server-side script, it will simply backfire on the person who is using it, not
> the person who is trying to view the web page. Also, server-side scripts can be
> viewed by the person who needs to see them, E.G. the server administrator, who
> can verify that the script is clean long before it ever even gets on the server.
> And as far as I know, there is *nothing* that can be executed by a browser that
> can't be executed on the server just as easily, if not more easily.
While I agree with you personally, you are never going to convince most
web developers to use server-side solutions for things like data
verification because its more expensive in terms of bandwidth and
processor time. If John Q. Public puts bad data in a form it makes more
sense to produce an error before form submition than to have two
unnecessary http transfers.
I guess what I am trying to say is even though I don't like it
anymore. I don't hear all that many mozilla users complaining about the
software that is insecure can and will be made secure with time.
Any technology distinguishable from magic is insufficiently advanced.
Thomas Stivers e-mail: stivers_t at tomass.dyndns.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Speakup