Results 1 to 2 of 2

Thread: What I don't know yet about ActiveX and Java

  1. #1
    Triple Platinum Member wumply's Avatar
    Join Date
    Oct 2002
    Location
    Belmont, NH
    Posts
    785

    What I don't know yet about ActiveX and Java

    Bottom line? If everyone was honest, then we'd not even concern ourselves with dangers from these two bits of software? Yes? No?

    The problem is that harmful code can be written in them and with ActiveX, it can invade your OS and screw you up royally yes? Java is a bit safer I gather because it comes in a sandbox that won't let it upset the OS--unless the sandbox code has holes in it.

    So...Microsoft and Sun MicroSystems provide for you to read or accept a (Verisgn or other) guaranteed signature, as it were, that a given ActiveX or Java program is safe. Is that correct?

    But does each and every ActiveX or Java software come with a guaranteed signature. I mean memory tells me I've downloaded or used online such programs and there was no guaranteed signature for some little program like one I played with that let you turn a cube any old which way by moving your mouse over it. So is this an inconsistency or is it maybe not every last such program needs a sigrnature? And I mean doesn't MS use ActiveX in its IE browser. I go there a lot and click many MS links to other MS pages but I've never seen a signature popup there.

    So what is it I am not aware of?
    I've created my own website...a collection of moving, sad and happy and humorous poems which I would like to share with others. They come from stories my dad used to tell me when I was a kid. If you could glance at my site and if you know of others who might enjoy it and perhaps tell them of it, I would be most appreciative. Thank you. The address is www.metrocast.net/~wumply/exper-1.html

  2. #2
    Super Moderator Super Moderator Big Booger's Avatar
    Join Date
    Apr 2002
    Location
    JAPAN
    Posts
    10,660
    Quote Originally Posted by wumply
    Bottom line? If everyone was honest, then we'd not even concern ourselves with dangers from these two bits of software? Yes? No?

    The problem is that harmful code can be written in them and with ActiveX, it can invade your OS and screw you up royally yes? Java is a bit safer I gather because it comes in a sandbox that won't let it upset the OS--unless the sandbox code has holes in it.

    So...Microsoft and Sun MicroSystems provide for you to read or accept a (Verisgn or other) guaranteed signature, as it were, that a given ActiveX or Java program is safe. Is that correct?

    But does each and every ActiveX or Java software come with a guaranteed signature. I mean memory tells me I've downloaded or used online such programs and there was no guaranteed signature for some little program like one I played with that let you turn a cube any old which way by moving your mouse over it. So is this an inconsistency or is it maybe not every last such program needs a sigrnature? And I mean doesn't MS use ActiveX in its IE browser. I go there a lot and click many MS links to other MS pages but I've never seen a signature popup there.

    So what is it I am not aware of?
    ActiveX is bad. Java is better. I use a script blocker in Firefox called NoScript. It does a wonderful job. I can click a small icon in the firefox status bar (shaped like a blue "S" and chose to allow, temporarily allow, or block any scripts running on any particular page).

    http://webdeveloper.com/activex/activex_security.html

    More about activeX and java security there.

    The problem with signatures is they can be spoofed. More about spoofing | Info about Verisign Spoofing from Microsoft

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •