Domain: devarticles.com
Stories and comments across the archive that link to devarticles.com.
Comments · 7
-
Re:GPG encryption
As for the webmail part, that could be actually doable it the decryption is actually done on the client side :
- the webmail servers stores and transmits email in encrypted form
- the javascript running on the reciever's Firefox does the decryptions
- as such no un-encrypted copy exists anywhere on the web
- the key remains locally stored and accessed only by the locally running Javascript. Not uploaded.Interesting idea. But it won't work easily the way browser security currently is implemented (same-origin policy). As far as I know one can get trust certificates for Java archives. But I'm not so sure about Javascript.
-
Re:Alien Versus Predator
well, I was being cheeky
:)WPF: I prefer the old form-based GUIs. From a business-app PoV, they were teh win. sute not so pretty, but they were very functional and consistent. And I find (using Windows 7) that consistency in all apps is a thing of beauty and wonder. Like the old menus - you knew where you were when every app had a menu bar with a File menu, that had 'new x' and exit' on it. Today... not so good. Pity really, 2 steps forward, 3 steps back
:)Flash v WPF: if you go and read a couple of tutorials, you'll find that Flex development is a great deal like WPF (or, perhaps, should that be the other way round....) as it's based on MXML and actionscript instead of XAML and C#. Add Adobe AIR to that (a superset of webby tech that you can use to build both Web or desktop apps from the same sources) and you have a better tech stack than MS has.
Its a shame people look at the crappy Flash adverts and think "that's poop, or that's just for video, thank god for C#" when the reality for a developer is quite different.
-
Re:Sounds good, but MD5 et al. still have a place
Umm, do you know of a free (pref. BSD-style without ad. clause licensed) JavaScript implementation of Whirlpool? Because I know of one for MD5. Namely Paul Johnston's JavaScript MD5 .
From that site:
The use of MD5 or SHA-1 for most JavaScript purposes (e.g. challenge-response login) does not rely on the collision resistance property. These weaknesses do not create any vulnerability in such web sites and there is no need to panic. If these weaknesses do concern you, there are alternative algorithms available:
Wait, that's what I said!
(Oh, and while on the subject, Building a CHAP Login System.)
-
Re:And why they shouldnt bar it ?
You hit the nail on the head. I'm a junior web programmer for a major university and we considered re-writing many of our applications to have a more Ajax/Web 2.0 feel. We attended an Ajax conference hosted by our university which our programming team attended. One of the senior programmers asked the presenter how to migrate to Ajax techniques without losing accessibility or security. The response? Ajax is virtually worthless with JavaScript disabled. So the only way to achieve accessibility is to have our pages branch to Ajax versions and the accessible HTML version. No thanks. Not only is Ajax not accessible whatsoever, JavaScript has been the cause of many security holes [devarticles.com]. What does JavaScript really offer that can't be done more securely using PHP, Perl, ColdFusion, or some other server-side language? I applaud IT departments that are hesitant in starting/changing their web infrastructure using insecure, immature and inaccessible technologies.
-
What do you mean?
You say, Running remote scripts sans security model is a quaint idea. What do you mean by a "security model"?
I googled for "javascript security model" and the very first link is pretty good article that seems to describe the JavaScript security model. It doesn't have many good things to say about it, but there clearly is a JavaScript security model.
So I think you overstate the case, but I don't really know what you mean. -
Re:Sad news
" Where the heck is everybody going and finding these annoying ads?"
I tried about 3 or so pages from the proxy log...
http://www.devarticles.com/c/a/PHP/Shell-Scripting -With-PHP/2/
http://maxpages.com/dolls/
I admit I haven't seen any "Punch the monkey" ads personally in a while, but that is likely because of the types of sites I surf. Just watching people browse the internet looking for something I notice quite a few ads like that still out there.
ND -
Re:It's Visual Studio, not the languages!
Although not as good as php.net, there are a few decent places for ASP tips and tricks: 4 Guys from Rolla, Dev Articles, ASP Free, Juicy Studio)