Although sanitizing user input gets the job done, what one should be doing is sanitizing the output.
An XSS attack exists because you are dynamically generating a web page with content you didn't intend: which contains executable script instead of where you intended dumb text (that you got from a database or that was entered earlier on by a (another) user). Sanitizing user input (which is the only factor you don't control) will help but if I enter <script>1+1</script> as some comment on for example a JavaScript forum, I would expect it to appear like that !
The definite solution to getting rid of XSS attacks is to use a modern toolkit that actively prevents this without ANY effort from the programmer. Like Wt for example does.
You are simply not aware of the cruel nature out there. What they are creating is a down-stripped life form with only the bare essential in there. For example, what they are certainly going to leave out is any kind of defense that every living system has against other life forms or even simple toxic products or any kind of antibiotic.
This will work fine for their purposes because it is simple, it will be grown in and confined into something like a sterile glass casing for example. If the glass should break, it is bound to be killed instantly by anything else around in nature like an extremely harmful creature, and reduced to organic food.
Simple truth is: if Craig is convinced he has pulled it off, this is the single most important inventions in a long time and it will make the world a better place because of increased efficiency in many important areas such as energy and waste industries. I don't know whether he will get the patent or not, but I don't care too much. Regardless of the outcome, we'll all benefit of his creativity and vision.
On the other hand it may take 20 years or so to actually be able to use this kind of technology in meaningful ways (and have drugs produced this way approved by the government). So granting patent protection now means that it would expire just about the time that people might be able to take advantage of it.
You're missing the point of the technology. It is not to make drugs, for which you would be right. But it is to create organic machines that would be totally cheap to create, utterly efficient (nothing is as efficient as nature in many things such as: converting CO2 into other stuff, converting (organic molecules, light, heat, etc...) into energy, etc...) and in general improve the worlds economic efficiency more than anything else has done before.
It is genious ! And to Craig's credit, he is the one who has had the vision first and is putting his own money into it. I don't know if the patent is there, but I'm actually excited that he thinks he is going to have this kind of technology soon.
Regardless of the outcome of the patent, we'll all benefit!
CGI in C is too risky. CGI in C++ and STL strings is secure, scalable, and highly portable. I'd take Perl before Java for CGI. I prefer Python or Ruby to Java in just about every case, including UI development (WxWidgets). I agree with you, but why settle with CGI if you can get a Web Toolkit in C++ that is secure, scalable, and highly portable ?
I fully agree with you: programming web applications using HTML and JavaScript (and forms and/or AJAX), etc... is not how one gets happy.
But that's because you are not using the right tools and level of abstraction. Programming desktop applications in Assembler is no fun either, is it ? That doesn't make it a bad idea.
Why don't you program web applications the way you're used to program desktop applications, using libraries such as echo2 or Wt ?
Slashdot Mirror
Although sanitizing user input gets the job done, what one should be doing is sanitizing the output .
An XSS attack exists because you are dynamically generating a web page with content you didn't intend: which contains executable script instead of where you intended dumb text (that you got from a database or that was entered earlier on by a (another) user). Sanitizing user input (which is the only factor you don't control) will help but if I enter <script>1+1</script> as some comment on for example a JavaScript forum, I would expect it to appear like that !
The definite solution to getting rid of XSS attacks is to use a modern toolkit that actively prevents this without ANY effort from the programmer. Like Wt for example does.
That is a lot of FUD.
You are simply not aware of the cruel nature out there. What they are creating is a down-stripped life form with only the bare essential in there. For example, what they are certainly going to leave out is any kind of defense that every living system has against other life forms or even simple toxic products or any kind of antibiotic.
This will work fine for their purposes because it is simple, it will be grown in and confined into something like a sterile glass casing for example. If the glass should break, it is bound to be killed instantly by anything else around in nature like an extremely harmful creature, and reduced to organic food.
Simple truth is: if Craig is convinced he has pulled it off, this is the single most important inventions in a long time and it will make the world a better place because of increased efficiency in many important areas such as energy and waste industries. I don't know whether he will get the patent or not, but I don't care too much. Regardless of the outcome, we'll all benefit of his creativity and vision.
On the other hand it may take 20 years or so to actually be able to use this kind of technology in meaningful ways (and have drugs produced this way approved by the government). So granting patent protection now means that it would expire just about the time that people might be able to take advantage of it.
You're missing the point of the technology. It is not to make drugs, for which you would be right. But it is to create organic machines that would be totally cheap to create, utterly efficient (nothing is as efficient as nature in many things such as: converting CO2 into other stuff, converting (organic molecules, light, heat, etc...) into energy, etc...) and in general improve the worlds economic efficiency more than anything else has done before.
It is genious ! And to Craig's credit, he is the one who has had the vision first and is putting his own money into it. I don't know if the patent is there, but I'm actually excited that he thinks he is going to have this kind of technology soon.
Regardless of the outcome of the patent, we'll all benefit!
I fully agree with you: programming web applications using HTML and JavaScript (and forms and/or AJAX), etc... is not how one gets happy.
But that's because you are not using the right tools and level of abstraction. Programming desktop applications in Assembler is no fun either, is it ? That doesn't make it a bad idea.
Why don't you program web applications the way you're used to program desktop applications, using libraries such as echo2 or Wt ?
Quote: "Maintaining state is a pain in the ass on the web and generally is not on the desktop."
You must not have heard of libraries like echo2 or Wt for doing web development. They have the same API as desktop GUI libraries.