Richard Gaskin wrote, referring to the danger of hostile web apps:
> But not a new one: ActiveX controls, Director Xtras, and all
> applications carry this same potential threat. After all, the online
> world is far older than Web security protocols. As long as people are
> aware of the risks beforehand, they can make their own choices.
>
> Moreover, if Scott attempts to build security features into the
> product, it opens the door for all sorts of potential liabilities.
> In the United States of Attorneys, this may not be a wise move.
Now hang on a second, surely this can't be right? Admittedly I'm from
Australia, where litigation is still a legal process and not the
country's most popular participatory sport, but does Richard really mean
that *failing to include the most basic security measures* in a product
such as Metacard is legally safer than actually including security
measures? Like, oh wow man, acid trip!
> Ultimately, nothing is secure. Maybe I'm just old-fashioned, but I
> think it's healthy for people to avoid the false sense of security
> implied by tools like Java (which still carries a hefty and thorough
> disclaimer in spite of its claims).
But the big difference is that with Java the user CHOOSES whether or not
to give the web site access to your computer. ActiveX takes the choice
away from the user or system administrator and gives it to the
(potential) cracker.
Me, I vote for user control.
--
Steven D'Aprano
==========================================
M.B. Sales Pty Ltd Ph: +61 3 9460-5244
A.C.N. 005-964-796 Fax: +61 3 9462-1161