Re: Local program execution in WWW browsers

vinay@eit.COM (Vinay Kumar)
Errors-To: listmaster@www0.cern.ch
Date: Wed, 13 Apr 1994 19:28:49 --100
Message-id: <9404131724.AA25363@eit.COM>
Reply-To: vinay@eit.COM
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: vinay@eit.COM (Vinay Kumar)
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Re: Local program execution in WWW browsers
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 1541

From: Dave Raggett <dsr@hplb.hpl.hp.com>
> 
> These languages are indeed candidates, but my primary concern right now
> is what functionality is needed, and how to ensure that hostile or buggy
> scripts can't harm the client system in any way. 

From my limited knowledge on Telescript, one of the things their "security"
is based on is Authorization. Only the scripts that are authorized at the
client side are permitted to execute, nothing else. I did something similar 
to take care of the "security risk" involved in handling application/x-csh 
by browsers. Wrote my own quick-and-dirty parser that does a fork and 
exec on the scripts sent by servers based on client-side user-authorization.

More info available at:
	http://www.eit.com/software/vsafecsh/vsafecsh.html

This approach requires users to be security aware, and be able to distinguish 
between buggy and useful scripts however...

My $0.02....
--
  Vinay Kumar
vinay@eit.com

> This has meant focussing
> on the API between the client and script interpreter rather than an early
> selection of language. Both Telescript and Safe-Tcl were designed with
> different environments in mind, and we need to be creative about our needs
> for fill-out forms and later on perhaps, for coordinating different media.
> I also feel that the Web deserves a scripting language that makes it
> especially easy for novices to get started. Does Telescript or Safe-Tcl
> really match up to this?
> --
> Best wishes,
> 
> Dave Raggett
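
The client-side authorization gate described in the message above, as an added example that is not part of the original post and is not vsafecsh's code. It assumes a user-maintained allowlist of SHA-256 digests (a hypothetical file format), so approval is tied to the exact script bytes rather than to a server or file name; all function names are illustrative.

```python
import hashlib
import os
import subprocess
import tempfile

HANDLED_TYPE = "application/x-csh"  # media type named in the post
SAMPLE = b"#!/bin/csh -f\necho hello\n"  # constructed sample script

def digest(script: bytes) -> str:
    return hashlib.sha256(script).hexdigest()

def load_approved(path: str) -> set:
    """Read the user's allowlist (assumed format): one hex SHA-256 per line."""
    approved = set()
    try:
        with open(path, encoding="ascii") as fh:
            for line in fh:
                entry = line.split("#", 1)[0].strip().lower()
                if len(entry) == 64 and all(c in "0123456789abcdef" for c in entry):
                    approved.add(entry)
    except FileNotFoundError:
        pass  # no allowlist file means nothing is authorized
    return approved

def is_authorized(content_type: str, script: bytes, approved: set) -> bool:
    """Default deny: only the handled type, and only exactly approved bytes."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    return media_type == HANDLED_TYPE and digest(script) in approved

def run_if_authorized(content_type, script, approved, interpreter="/bin/csh"):
    """Return the script's exit status, or None when it was refused."""
    if not is_authorized(content_type, script, approved):
        return None
    # Private temp file (mode 0600 from mkstemp). The interpreter is exec'd
    # with an argv list, so no server-supplied text reaches a shell command line.
    fd, path = tempfile.mkstemp(suffix=".csh")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(script)
        result = subprocess.run(
            [interpreter, "-f", path],       # -f: skip the user's .cshrc
            env={"PATH": "/usr/bin:/bin"},   # minimal, fixed environment
            timeout=30,
        )
        return result.returncode
    finally:
        os.unlink(path)
```

Because the check is on the digest, a script that changes by even one byte after approval is refused until the user reviews and approves it again.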