> You mean that a malicious programmer could be hired by > someone to code web pages for them and then take advantage of > the person hiring them. Am I understanding? > > If that's the case, then I still think that burden should be > on the person hiring the programmer...get someone you > trust...if you don't trust them, don't hire them.
No, that's not what I meant at all. I meant exactly what I wrote: any malicious programmer could exploit it in their own web pages. Just like malicious programmers exploited ActiveX vulnerabilities in IE, and cross-site scripting vulnerabilities, etc, etc. If the browser lets you do something, it lets ANYONE do that thing, not just Rick the trustworthy programmer. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:241415 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
