Q: What is the risk involved if we have Java, Javascript code in our webpages?

"When you enable Java and Javascript on your browser you are downloading and executing hundreds of unknown programs as fast as you surf the web (these programs are written by a whole gamut of people, ranging from the incompetent to the malicious."

Answered by Sidd / Membrane.com

There are several different things goin on here:

1) java and javascript can run on either the webserver (via server side applets) or on the client browser (Internet Explorer, Safari, Firefox, Chrome)

2) anything that runs on the server is under our control and we do keep very close track of it

3) we dont like downloadable code (of any kind) to run on the client browser

think of it this way .. if u go to a website and they tell u to download and run an executable .EXE file, would u do it ? when u enable java and javascript on your browser u r downloading and executing hundreds of such programs as u surf the web (which were written by a whole gamut of people, ranging from the incompetent to the malicious.)

if u have downloadable code for the client browser on your web site you require all your viewers to lower their security settings on their browser to enable java or javascript. This is not a good thing for the viewer.

4) you have no control over the java/javascript/shockwave/flash engines that the viewer has on his computer. Microsoft is not even including the java engine anymore in IE after they lost the judgement to sun whatch gonna doo.. write versions in activex as well? or whatever latest language someone comes up with ?

Further: these engines in the browser are buggy as hell. Browsers crash becoz of their terrible java implementations. Sun isnt helping any by refusing to opensource the base code.

i have more reasons but i think i will get off my soapbox now

hope this helps

Back To The Study