Is JavaScript/Java_virtual_machine worth the bother and the threat?

[howard schwartz]

I understood the original rationale for a `platform independent' Java language:
Once converted to bit code, standards were to be so uniform that, any java
virtual machine, on any OS would execute any Java program in identical
fashion. In essence a JVM would act like a shell interpreter. It occurred to
me that most modern program languages could be platform independent in
this sense, if every compiler and all libraries were rigorously standardized.
Every compile on every OS would produce an executable with identical
functionality.

But then came the internet. What, in heaven's name was the need to create
a script language (javascript) the could be embedded in a web page, or
a programming languages, interpreted by a local JVM on a local PC?

That is, why create mechanisms for Web pages to execute code right on
any user's PC, that could do anything an author wanted, e.g., delete files,
corrupt your boot sector, steal all kinds of information, add their website to
your f avorites, etc. etc. ?? The security problems are clearly horrendous.
What benefits outweigh the risks?

I have no problems with cgi scrpits (e.g., in Perl) that execute on the Web
server that, at worst can only send or request data from a PC.

 

[dadiOH]

But then came the internet. What, in heaven's name was the need to
create a script language (javascript) the could be embedded in a
web page, or a programming languages, interpreted by a local JVM on
a local PC?

That is, why create mechanisms for Web pages to execute code right
on any user's PC, that could do anything an author wanted, e.g.,
delete files, corrupt your boot sector, steal all kinds of
information, add their website to your f avorites, etc. etc. ?? The
security problems are clearly horrendous. What benefits outweigh
the risks?

Free?

--
dadiOH
_____________________________

dadiOH's dandies v3.0...
....a help file of info about MP3s, recording from
LP/cassette and tips & tricks on this and that.
Get it at http://mysite.verizon.net/xico
____________________________

 

[Roger Johansson]

That is, why create mechanisms for Web pages to execute code right on
any user's PC, that could do anything an author wanted, e.g., delete
files, corrupt your boot sector, steal all kinds of information, add
their website to your f avorites, etc. etc. ?? The security problems
are clearly horrendous. What benefits outweigh the risks?

I have no problems with cgi scrpits (e.g., in Perl) that execute on
the Web server that, at worst can only send or request data from a PC.

It was probably intended to increase the possibilities to present
information, but most of the ways it has been used in are very
questionable or directly detrimental for the user of the web.

I would like to see a return to a more restrictive web browser, but the
problem is that a big majority of the computer users know too little.
They simply use the browser which is built into their operative systems,
Internet Explorer, which allows a lot of things more experienced users do
not want to allow.

This forces us all to allow javascript, unless we want to be locked out
of a lot of web pages.

We cannot expect a better situation within the foreseeable future,
because even if a lot of users become more aware of the problems there
are also hundreds of millions of new users coming into the web every
year.

Maybe the best we can do is to allow javascript but disallow a lot of the
dangerous things javascript is used to start.

I have javascript turned on in my computer, but I do not allow my browser
to run other script languages, and I have turned off the automatic
execution of many file formats. I also disallow a lot of things in my
browser controls, like popup windows, resizing windows, etc.. I have used
Proxomitron for many years, to stop a lot of problems, but the Opera
browser I use have very good built-in possibilities to stop such
problems, so I often have Proxomitron turned off.

 

[Tone Marie Berg]

(e-mail address removed) (howard schwartz) wrote in

But then came the internet. What, in heaven's name was the need to
create a script language (javascript) the could be embedded in a
web page, or a programming languages, interpreted by a local JVM
on a local PC?

JavaScript has absolutely nothing to do with Java. JavaScript is not
interpreted by "a local JVM", but by the parser in the browser.

Tone