Swiki.net open

Randal L. Schwartz merlyn at stonehenge.com
Tue Dec 14 02:12:00 UTC 1999


>>>>> "Edward" == Edward P Luwish <eluwish at uswest.com> writes:

Edward> Lex Spoon has a link on his web page to a rather scary paper
Edward> explaining how (as late as 1997) JavaScript opens a security
Edward> hole big enough to pass the entire WWW through.  Until someone
Edward> assures me that it has been fixed, I have turned it off
Edward> everywhere I have a browser.  Basically all your traffic can
Edward> be redirected through a rogue site [e.g. prepending its name
Edward> to whatever url you pick, à la
Edward> http://www.name-of-rogue-domain.com/http://www.squeak.org]
Edward> (bypassing SSL) and JavaScript can write to the status line
Edward> and location line on your browser so you will not see the url
Edward> you are passing through.  I think I'll wait until swiki.net is
Edward> Scamper-ized.

I also run my browser on the Wild, Wild, World Wide Web with
1) JavaScript disabled
2) Java disabled
3) cookies set to "ask", and I almost always say no

There's no need to use *my* computer to do *your* computations.
Just say no to client-side scripting. :)

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn at stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
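
Added example, not part of the original thread: a check for the link form described in the quoted message, where a carrier host is prepended to the real URL and an https destination may end up fetched over plain http. The names `checkRewrittenUrl` and `scan` are hypothetical, and the `carrier.example` and `bank.example` links are constructed samples.

```javascript
// Return a finding if `href` carries another site's absolute URL in its path.
function checkRewrittenUrl(href) {
  let outer;
  try {
    outer = new URL(href);
  } catch {
    return null; // not an absolute URL, nothing to inspect
  }
  if (outer.protocol !== "http:" && outer.protocol !== "https:") return null;
  // Text after the leading "/" plus the query. The embedded URL may be
  // percent-encoded (http%3A%2F%2F...), so decode once before matching.
  let tail = outer.pathname.slice(1) + outer.search;
  try {
    tail = decodeURIComponent(tail);
  } catch {
    // malformed escapes: fall back to the raw text
  }
  const m = /^(https?:\/\/[^\s]+)/i.exec(tail);
  if (!m) return null;
  let inner;
  try {
    inner = new URL(m[1]);
  } catch {
    return null;
  }
  if (inner.hostname === outer.hostname) return null; // self-reference, same site
  return {
    carrierHost: outer.hostname,
    embeddedHost: inner.hostname,
    // Destination is https, but the hop to the carrier is cleartext http.
    tlsStripped: inner.protocol === "https:" && outer.protocol === "http:",
  };
}

// Constructed sample links, as they might appear in a fetched page or proxy log.
const sampleLinks = [
  "http://www.name-of-rogue-domain.com/http://www.squeak.org",
  "http://carrier.example/https%3A%2F%2Fbank.example%2Flogin",
  "https://www.squeak.org/Documentation/",
];

// Keep only the links that produced a finding.
function scan(links) {
  return links
    .map((link) => ({ link, finding: checkRewrittenUrl(link) }))
    .filter((r) => r.finding !== null);
}

console.log(scan(sampleLinks));
```

Legitimate proxying services use the same URL shape, so a hit is a prompt to review the carrier host rather than a verdict.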
