ActiveX is essentially client-side application code. It's way different
than JavaScript. I'm not sure there are many sites you can use without
JavaScript these days. Most of them use some sort of ASP, JSP, PHP, or some
Its really quite fasinating how the mindset has evolved regarding zero-day
discoveries:
- OLD RULE: Turn off javascript
- NEW RULE: Read tons of documents
The point, watch how they now handle IE exploits found. No longer will
you see anything in their notes that says:
Turn off ActiveX
Turn off Javascript
and at best I can tell, the reason is because turning it off BREAKS all
kinds of other stuff, including 3rd party or their own.
I was amaze at the China/Google zero-day IE security bug where in NO WHERE
in the Microsoft security announcements did it says "Turn off Javascript"
and now the Chinese will not be able to exploit you.
Look, no browser vendors what you to turn off javascript. In fact, GOOGLE
CHROME was the first browser not to offer the user the option to even turn
it off. This is the beginning for others to follow.
Now web sites are taking the approach - NO JAVASCRIPT? GO AWAY!
It took us nearly 7 years before we began to require Javascript for our
web server client templates. Our templates were WEB 1.0 mostly because
early browser didn't support JS and because of security, many users turned
it off. So WEB 1.0 was necessary.
But as the industry grew, WEB 2.0 was the next stage. We began to add more
of it to our templates. Not 100% but as options to operators to use
special HTML clients, i.e. HTTP AUTHentication (BASIC/DIGEST) vs
Form-based COOKIE login.
A few years ago, we added jQuery support, which MS now directly supports
as part of ASP. jQuery is distributed with our software and we use it
popup Message Previews. Our Chuck E Cheese customer who use our web
server for store support who still have low bandwidth told us the popup
message previews help speed things up.
But now WEB 3.0 is upon is, and his a recycle of the client/server
framework where more of the client-ware is off-loaded. Flash,
SilverLight, Flex, etc, and now HTML5.
Joe, the problem isn't really Javascript, the problem is well, good
engineering with the browser and an growing attitude that clients should
be doing more work and have access to the user's PC. So original the
client was sandboxed and the scripting did not an API to access PC data.
That's changing and there is no stopping this unfortunately.
--
HLS
Joseph M. Newcomer wrote:
This is because Microsoft makes a lot of noise about being concerned
about "computer
security" but essentially believe that if YOU care about it, well, screw
you, JavaVIrus
is essential for making Web sites *cool*, and nobody should make their
machines secure by
disabling this primary malware vector (I recently attended a conference
on computer
security, and what I learned about JavaVirus makes my most rabid rants
about it look
understated compared to the deadly reality! Sort of like my saying
"death can be a
seirous invonvenience in your life" or "end-stage rabies is really
uncomfortable")
joe
On Sat, 13 Mar 2010 14:00:05 -0500, Hector Santos
<sant9442@nospam.gmail.com> wrote:
Giovanni Dicanio wrote:
Seems like there is a new MSDN VC++ Forum dedicated to MFC and ATL now:
http://social.msdn.microsoft.com/Forums/en-US/vcmfcatl/threads
Giovanni
It breaks down if javascript is disabled. :)
Joseph M. Newcomer [MVP]
email: newcomer@flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
--
HLS