What Is Wrong With Mobile Code
Sidd Mukherjee
November 2, 2000

From: "Rob"
Subject: JavaScript

Hey Sidd,
I've been working with Dan and Wally on some site design and I'm curious about the use of JavaScript. It was my understanding that this cannot be used in our designs, and I was curious where the susceptibility lies. I thought that browsers interpret this line-by-line without the need to execute an application (as in Java applets or Active X), therefore there would be no security threat. Can you help me understand this a little better? Thanks!!

Rob


dear rob,

not just javascript... any 'mobile code'. i like to think of mobile code as any code that executes on the client .. in this case the machine the web browser is running on

i don't like it for two reasons

  1. if u r running a server, u cannot be sure what the client browsers will do with the code u send them.. since the java / javascript / activeX whatever engines are not consistent across browsers and operating systems
  2. the greater danger is to the client browser machines.. for most people will not inspect the code that their browser executes, or if they do, they don't understand it, so they are handing over control of their machine to anybody on the net whose website they visit

so to my way of thinking, it is not the fact that the code is compiled/linked/executed or interpreted that is a problem ..

rather

  1. in operating web servers, i have no wish to run my code except in an environment that i control (the server)
  2. i cannot morally ask my viewers to abdicate responsibility for their own computers to any and all of the websites they browse

there are other reasons...but these will suffice

i have no objection to interpreted code per se except for the speed and efficiency issues... i have been known to use perl on occasion

sincerely,
sidd
