RE: HTTP Server's jobs for CGI applications -- MIDRANGE-L



Brad wrote:
>>  The banner ad company knows
>> which web page requested the banner ad (using the HTTP_REFERER
>> variable).
>
>You can get this CGI.  Don't need Javascript.

Agreed, for this scenario.  The security holes associated with
JavaScript warrant much more detailed discussion that's beyond
my patience to wade through.


>> Even if you only visit sites that promise not to well their
>> customer lists, you may still have your privacy compromised.
>> Consider toysmart, a web start-up that went belly-up.
>> Although they promised not to sell their customer list, it is
>> one of the things put up for sale by their creditors!
>
>Selling customer lists has nothing to do with cookies or javascript.
>That data is stored on their server.

My point is that paranoia about personal browsing habits is well
justified.  The only reason that privacy laws are so weak in the
USA is that several companies would then go out of business!

With cookies enabled, companies can and do track your web browsing
behavior.

Note that the next generation NetScape v6 apparently has an option
to enable cookies ONLY for the server that served up the HTML, and
not for other servers providing resources for that page.  This
will stop that particular "back door" into tracking your activities.


>> (You can read more about the security holes involved with
>> cookies at <http://www.cookiecentral.com/>.)
>
>Oh gosh.  Not this site again.  One rougue site who's idea was
>"stretch the truth about cookies" to get people to come to their
>site.

There's a lot of good information on that site.  Understand the
issues involved, and it will make more sense.  The issues are
subtle.  Another source of information is
<http://www.junkbusters.com/>.  Also, be sure to read the YRO
section at SlashDot <http://slashdot.org/index.pl?section=yro>.

Oh yeah, one more thing, do a web search on the topic of "web
bugs" - your activities can be tracked even if the web page
you're viewing has no banner ads!


>> The bottom line is this - I know I'm not alone in my
>> concerns.  If you code a dependency on cookies and JavaScript,
>> you'll end up pissing off at least a few people.
>
>Why would they be pissed... just turn on Javascript.  It's like people
that
>put movies out on DVD and not VHS.  Buy a freakin DVD player and enjoy
real
>entertainment.  :)

If I need something that's only available on a site that uses
JavaScript, well, sure I'll enable it for that one time.  But
given the choice, I'll sure as heck choose a web site that
doesn't make me use something I'd rather not use.

But that doesn't hide the fact that it's still poor HTML
coding style to code a dependency on JavaScript.  (Just like
it's poor style to code navigation using image maps or Java.)
JavaScript may add some "pizzazz" to an otherwise bland site,
but it's really not difficult to design a web site without
having to resort to such "eye candy".

Read the W3C accessibility guidelines
(<http://www.w3.org/WAI/References/QuickTips/>).  Regarding
scripts, they recommend providing some alternative content if
scripting capability is not available.  If you want your web
site to be accessible to all people, either code an alternative
to the JavaScript, or just design your navigation without
scripting to begin with.

I'm not against JavaScript as such, I'm just against requiring
JavaScript to navigate through a web site.

(Also, BTW, be sure to tell your friends at rpgenerationx.net
to run their HTML through the W3C validator at
<http://validator.w3c.org/>.)

Cheers!  Hans

Hans Boldt, ILE RPG Development, IBM Toronto Lab, boldt@ca.ibm.com


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---