Re: Local program exection in WWW browsers

Vinay Kumar ([email protected])
Wed, 13 Apr 94 10:24:49 PDT


>From [email protected] Wed Apr 13 08:30:56 1994
From: Dave Raggett <[email protected]>
>
> These languages are indeed candidates, but my primary concern right now
> is what functionality is needed, and how to ensure that hostile or buggy
> scripts can't harm the client system in any way.

>From my limited knoweledge on Telescript, one of the things their "security"
is based on, is Authorization. Only the scipts that are authorized at the
client side are permitted to execute, nothing else. I did something similar
to take care of the "security risk" involved in handling application/x-csh
by browsers. Wrote my own quick-and-dirty parser that does a fork and
exec on the scripts sent by servers based on client-side user-authorization.

More info available at:
http://www.eit.com/software/vsafecsh/vsafecsh.html

This approach requires users to be security aware, and be able to distinguish
between buggy and useful scripts however...

My $0.02....

--
  Vinay Kumar
[email protected]

> This has meant focussing > on the API between the client and script interpreter rather than an early > selection of language. Both Telescript and Safe-Tcl were designed with > different environments in mind, and we need to be creative about our needs > for fill-out forms and later on perhaps, for coordinating different media. > I also feel that the Web deserves a scripting language that makes it > especially easy for novices to get started. Does Telescript or Safe-Tcl > really match up to this? > -- > Best wishes, > > Dave Raggett