But hasn't it got access to the users data? therefore cant it delete / modify this users data?.
How about this scenario. Boss has a Unix workstation in an attempt to provide a secure environment. All the important company data is on shared areas and the boss has read/write access as its his/her job to update the data. A malicious person writes a perl script (or insert script language of choice) that modifies all documents in all areas it can find and then emails it to the boss with a claim that its a picture and instructions on how to run/open it. plonker/boss follows the instructions and is miffed when it doesn't produce a pretty picture. Surely the result is the same as a destructive VB script i.e. all the important company data has been trashed. The fact the his/her workstation is still running and none of its system files have been modified is pretty irrelevant as its the data that is important not whether a particular workstation is running. Or is there some magic that means a standard user who will run "I love you.exe" on a windows PC wont run it on a Unix workstation if given the instructions on how to execute files/scripts? Stewart Jump -----Original Message----- From: Benjamin Scott [mailto:[EMAIL PROTECTED]] Sent: 12 November 2001 04:26 To: Exchange Discussions Subject: RE: It's not Microsoft's fault because.... On Sun, 11 Nov 2001, Mike Carlson wrote: >>> I have no idea what you're talking about. Seems to me that every >>> useful scripting language is potentially dangerous. >> >> True. However, most scripting languages don't >> automatically execute when emailed to you... :-) > > JavaScript will in HTML email. JavaScript is sandboxed. -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] This e-mail, and any attachment, is confidential. If you have received it in error, please delete it from your system, do not use or disclose the information in any way, and notify me immediately. The contents of this message may contain personal views which are not the views of the BBC, unless specifically stated. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
