On 28 Nov 2001 00:59:44 -0500, "Jonadab the Unsightly One" <[EMAIL PROTECTED]> wrote:
>The whole idea of plugins is that you get a few plugins that are
>widely known and endorsed (Java, maybe Flash, possibly Shockwave, and
>so on). These may have security holes, but they are unlikely to be
>malevolent per se. A website may attempt to abuse their security
>holes in a malicious manner, but if that happens the net community
>bugs the vendor of the plugin to fix the security hole and release a
>new version, or that's the idea.
>
>The idea of ActiveX is somewhat different. Websites are not limited
>to exploiting security holes that may or may not exist in the version
>of the plugin you have -- they can just do whatever they want.

ActiveX is used for the same mainstream stuff as plugins are. Just because there aren't many sites that offer Netscape plugin equivalents to "custom" dangerous ActiveX controls doesn't mean that the idea of ActiveX is different.

Any difference can probably be attributed to the fact that ActiveX has been more successful than plugins: development tools help people make them, there are more hosts for ActiveX controls than there are hosts for plugins, there is more documentation. If plugin installation was easier and plugin development was supported by development tools, plugins would have the same problem.

Sites can do whatever they want once the ActiveX control is on your machine. Just like plugins.

>> If the list of ActiveX controls available to a theoretical
>> implementation resembled the list of plugins available to the typical
>> Netscape installation (Flash, Acrobat, QuickTime), I think there would
>> be far less cause for concern.
>
>The people who want Netscape to support ActiveX want it to do what IE
>does by default: pop up a dialog any time a website wants to run any
>ActiveX control, similar to the one when your search criteria at
>Google aren't encrypted, so that the user can just frob "okay" and let
>the site do whatever it wants, including download a custom ActiveX
>control from the site. This is *nothing* like letting the site use
>one of several hand-selected plugins or controls that the user
>specifically sought out and downloaded, or that came with the
>browser.

I know, and I'm trying to say that this wouldn't be the worst feature in the world. It could be turned off by default (don't even ask the user, just show broken content), it could maintain a list of trusted plugins, etc.

Chris Hill
[EMAIL PROTECTED]
