[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] RE: ..about time

To: minivend-users@minivend.com
Subject: Re: [mv] RE: ..about time
From: Mike Heins <mike@minivend.com>
Date: Thu, 3 Feb 2000 11:49:14 -0500
In-Reply-To: <374BE08544FFD211A57D00A0C98F18631E9C5A@SERVER2>; from Scott Satterthwaite on Thu, Feb 03, 2000 at 10:36:29AM -0500
References: <374BE08544FFD211A57D00A0C98F18631E9C5A@SERVER2>
Reply-To: minivend-users@minivend.com
Sender: owner-minivend-users@minivend.com

******    message to minivend-users from Mike Heins <mike@minivend.com>     ******

Quoting Scott Satterthwaite (ssattert@homier.com):
> 
> I don't think its quite the issue its being played for.
> 
> Think about it:
> 1.  The risk itself is not new.  It has been around since the first
> Dynamic page was generated.  Scripting does enhance the possibilites.
> 
> 2. The problem does NOT come from scripts within the page but script
> embedded in a URL.  I don't know about your browser, but both Internet
> Exloder and Netscape Agrevator cache links and keep a history file. My
> net traffic monitoring software keeps a log file, so does my site
> auditing software.  Of course, every Cracker, Nutcase, and deviate who
> wants the data from your computer is very eager to leave an audit trail.
> 
> 
> I'm not saying I don't think the risk is present.  But it is ONLY that;
> a risk.
> This is not an emergency.  
> 
> As is always the case with going public with reports of this type, I
> think we are going to see a few cracker wanna-be types that are going to
> try something now.  
> 
> The other effect of a public announcement of this type:  A drop in the
> number of consumers visiting our sites!  
> 
> Lets just do what we must to filter script from URLs and cookies and
> down-play this crap and get on with business.

Maybe you all get me wrong -- of course there has always been the
risk. But it is *greatly* amplified with JavaScript and ActiveX and
any of the client-side stuff.

My point is that if you are building catalogs based on JavaScript, 
that *depend* on JavaScript, look out. Especially if you are in the
business-to-business category.

I am certainly not advocating closing down the web; that would make me
have to go back and work for a living. 8-)

-- 
Mike Heins                          http://www.minivend.com/  ___ 
                                    Internet Robotics        |_ _|____
In character, in manners, in        131 Willow Lane, Floor 2  | ||  _ \
style, in all things, the           Oxford, OH  45056         | || |_) |
supreme excellence is               <mikeh@minivend.com>     |___|  _ <
simplicity. -- Longfellow           513.523.7621 FAX 7501        |_| \_\
-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

Follow-Ups:
- Re: [mv] RE: ..about time
  - From: Scott Swanson <scott@clotho.com>
- Re: [mv] RE: ..about time
  - From: "Nick Pleis" <npleis@cei.net>

References:
- [mv] RE: ..about time
  - From: Scott Satterthwaite <ssattert@homier.com>

Prev by Date: Re: [mv] PGP Problem regard credit card vadlidating
Next by Date: [mv] Need a few volunteers...
Prev by thread: [mv] RE: ..about time
Next by thread: Re: [mv] RE: ..about time
Index(es):
- Date
- Thread