[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] RE: ..about time

To: minivend-users@minivend.com
Subject: Re: [mv] RE: ..about time
From: Scott Swanson <scott@clotho.com>
Date: Thu, 3 Feb 2000 14:45:23 -0600
In-Reply-To: <20000203114914.A21456@bill.minivend.com>
References: <374BE08544FFD211A57D00A0C98F18631E9C5A@SERVER2><20000203114914.A21456@bill.minivend.com>
Reply-To: minivend-users@minivend.com
Sender: owner-minivend-users@minivend.com

******    message to minivend-users from Scott Swanson <scott@clotho.com>     ******

I'm a bit confused by MH's assertion that Minivend does not "depend" 
on javascript. Both the demo basket and demo checkout pages use 
javascript, & it's hard to imagine a "professional" minivend website 
that would not rely on javascript to enable things like one-click 
deletion of items from the basket, etc.

>******    message to minivend-users from Mike Heins 
><mike@minivend.com>     ******
>
>Quoting Scott Satterthwaite (ssattert@homier.com):
> >
> > I don't think its quite the issue its being played for.
> >
> > Think about it:
> > 1.  The risk itself is not new.  It has been around since the first
> > Dynamic page was generated.  Scripting does enhance the possibilites.
> >
> > 2. The problem does NOT come from scripts within the page but script
> > embedded in a URL.  I don't know about your browser, but both Internet
> > Exloder and Netscape Agrevator cache links and keep a history file. My
> > net traffic monitoring software keeps a log file, so does my site
> > auditing software.  Of course, every Cracker, Nutcase, and deviate who
> > wants the data from your computer is very eager to leave an audit trail.
> >
> >
> > I'm not saying I don't think the risk is present.  But it is ONLY that;
> > a risk.
> > This is not an emergency.
> >
> > As is always the case with going public with reports of this type, I
> > think we are going to see a few cracker wanna-be types that are going to
> > try something now.
> >
> > The other effect of a public announcement of this type:  A drop in the
> > number of consumers visiting our sites!
> >
> > Lets just do what we must to filter script from URLs and cookies and
> > down-play this crap and get on with business.
>
>Maybe you all get me wrong -- of course there has always been the
>risk. But it is *greatly* amplified with JavaScript and ActiveX and
>any of the client-side stuff.
>
>My point is that if you are building catalogs based on JavaScript,
>that *depend* on JavaScript, look out. Especially if you are in the
>business-to-business category.
>
>I am certainly not advocating closing down the web; that would make me
>have to go back and work for a living. 8-)
>
>--
>Mike Heins                          http://www.minivend.com/  ___
>                                    Internet Robotics        |_ _|____
>In character, in manners, in        131 Willow Lane, Floor 2  | ||  _ \
>style, in all things, the           Oxford, OH  45056         | || |_) |
>supreme excellence is               <mikeh@minivend.com>     |___|  _ <
>simplicity. -- Longfellow           513.523.7621 FAX 7501        |_| \_\
>-
>To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
>email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
>Archive of past messages: http://www.minivend.com/minivend/minivend-list

-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

References:
- [mv] RE: ..about time
  - From: Scott Satterthwaite <ssattert@homier.com>
- Re: [mv] RE: ..about time
  - From: Mike Heins <mike@minivend.com>

Prev by Date: [mv] RE: its about time, AND IRC channel
Next by Date: [mv] Code example library , lets put it together!
Prev by thread: Re: [mv] RE: ..about time
Next by thread: [mv] Nested Loops
Index(es):
- Date
- Thread