Not M or VistA related but ....... I'm unaware of any server side executed code (asp, jsp, php, insert name here) that can do anything to a client. All that code gets executed on the server -- not the client.
It's the scripting languages that are implemented in the browsers (client side) that can cause the security issues, and these scripting languages (javascript, vbscript, etc.) can be embedded in plain old HTML pages -- no server-side execution needed. Server-side languages such as php, asp, jsp, pl, etc. are no more of a client security issue than plain old HTML pages. At 11:12 PM 6/9/2006, chuck5566 wrote: >On Jun 9, 2006, at 8:49 PM, Gregory Woodhouse wrote: > >> >>On Jun 9, 2006, at 5:54 PM, Nancy Anthracite wrote: >> >>>Just to be paranoid, Bhaskar, that link is to an " .asp" document. Why >>>does >>>it need to be asp? Is this a website with ill intent? >> >>Pardon me for being dense, but what makes .asp a security threat? It >>indicates the web site is database driven, but so is the WorldVistA site. > >.asp indicates to the Web server that the document has code to be >executed, usually VBscript. No database is implied or need be involved at all. > >Much of the Web malware has been code known to cause memory overflows in >IE or IIS, giving the hackers an "in". _______________________________________________ Hardhats-members mailing list Hardhats-members@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/hardhats-members
