Re: Active-content filtering (was RE: Buffer Overruns)

["Jody C. Patilla" <jcp01 () ibm net>]

        In my experience, the core problem is that 99% of all Web designers
don't have the clues God gave an Irish setter regarding the security 
implications of all their fancy bells and whistles. I've gotten in arguments
with more than one on-line marketing rag columnist who has never, ever
heard of any kinds of problems with active content. They simply have no idea
whatsoever that these scripting languages put their customers' clients at
risk. It doesn't even register.

        The New York Times site is the worst. Not only does it require cookies,
but if you want to complain about THAT practice, their form letter is
Javascript
driven.

        Educating the designers is only part of the problem. Making their 
clients aware of how they could be hurt, so that they bring pressure to 
bear from their side, is also necessary. 

- jcp