Archive of UserLand's first discussion group, started October 5, 1998.

Re: Fighting Back for the Mac™

Author:Phil Wolff
Posted:1/13/2000; 8:59:05 AM
Topic:Now it makes more sense
Msg #:14427 (In response to 14426)
Prev/Next:14426 / 14428

An ounce of prevention...

Any opportunities for mischief in this? JavaScript has been crippled a bit (inability to write to the hard disk, for example) to prevent many of the security risks present in ActiveX. Does adding "XML-RPC" support to a human-supporting browser open a door for unauthorized access to the file system or to data held in the browser's object model?

Memories of a 1997 JavaOne keynote by Scott McNealy. Miko demoed a web-downloaded ActiveX control called Internet Exploder developed by Fred McLean to show security holes. The control shut the computer down. Upon reboot, it formatted a floppy drive, found a user's install of Quicken, wrote a check. the transcript. I'm sure Microsoft closed most of those doors since; does this open a new one or can we rely upon the rest of the browser to protect the user?


There are responses to this message:


This page was archived on 6/13/2001; 4:54:05 PM.

© Copyright 1998-2001 UserLand Software, Inc.