> From what I understand about JAVA vs. JAVASCRIPT, which I freely admit > may be a faulty understanding, there are important differences.
Javascript and JAVA are apples and fish. It's like CLIST versus COBOL. There are some similar semantic constructs but that's about all. Javascript is just a scripting language based on the DOM for the page. JAVA is a real programming language. See <http://en.wikipedia.org/wiki/JavaScript> for more details. > And from > what I've seen of javascript, it's enough to give a security chap a > severe case of "The Willies". The capability of javascript to cause a > serious problem, perhaps a true disaster, seems to be very real and ever > present. I've got a serious problem with that; I wish I could > selectively enable/disable javascript, based on the source site, and my > corresponding level of trust. It would sure be nice if desktop systems > had protection such that some functions couldn't be accessed by > javascript, something like z/OS APF facilities. If you allow "active" content from outside your firewall in your browser (at least on Windoze) you're begging for trouble. And on the other platforms it is not so much of a problem, but only because the nefarious script kiddies are too busy duping the clueless on the windows systems. None of those platforms support an APF-like model and even if they did that would be the wrong answer. You would be much better off with a RACF-like permission model based on resource class and entity name. > Bottom line (for me): Java and JavaScript have their places; I'm just > not sure exactly where. Inside your firewall with your own content they are great. There are loads of tools for doing slick stuff. Outside your firewall all bets are off. And even poor old IE can tell the difference and behave accordingly. CC ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
