Problems? Is your data what you think it is? | |
PerlMonks |
Re4: What Does Microsoft Think of Perl?by Ionitor (Scribe) |
on Jul 20, 2002 at 14:57 UTC ( [id://183599]=note: print w/replies, xml ) | Need Help?? |
As is pointed out below, this is a fairly old article. In its current state, there is little (read no) likelyhood that PerlScript will be installed by default on Windows/IE.
Of course, there are those that will install PerlScript (such as myself). At one point, this was fairly dangerous, as is mentioned here. PerlScript is too powerful (it lacks the "sandbox" of JavaScript) to be used for general web scripting at the moment. Testing on my own machine, I was able to use PerlScript in a web page to delete a file on my computer, without any sort of prompt whatsoever. However, the page linked to is out of date. It says that the only way to avoid this problem is to not browse the web or turn off scripting in the browser for any machine that has PerlScript installed. Looking at the current documentation for PerlScript, there is a registry setting that limits PerlScript to certain IE Internet zones. By default PerlScript only runs in the "local intranet", which means that a random site on the web cannot use it to attack your computer. It also means that a company can choose to use client-side PerlScript on their intranet web sites without severely comprimising the security of their users' computers. In short, the current default in every version of Windows is that PerlScript is not installed. If it is installed, a client's PerlScript will not be available to regular web sites. Even if a user decided to be stupid and enable PerlScript for the Internet zone in IE, it is unlikely that many malicious sites would bother targeting their attacks on that tiny group of people (which is presumably much smaller than the group of people that will just click "yes" and install any ActiveX control that the web site asks them to).
In Section
Meditations
|
|