[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    RE: Hosting ActiveX applets
From:       Russ <Russ.Cooper () RC ! on ! ca>
Date:       1997-06-09 15:56:23
[Download RAW message or body]

Unlike some opinions, I fail to see how the web has ever been anything
other than an attempt to swing you one way or another. Sure, you could
compare it to communism and say that its always intended to be
vendor-neutral bliss, but like communism, it typically fails
implementation or beta trials.

Unlike communism, there's nothing cramming anything down your throat
(other than your management...;-]) so you're pretty much free to do what
makes sense to you and your company.

If you were trying to market a support application for your Win95-based
application, you probably couldn't give a rat's ass that the Mac or
Solaris users might not use it. Further, if you can find a way to
securely implement some incredible functionality using ActiveX why not
use it?

Like most things, there are always going to be some sites that block
your applet, and you're going to block out a segment of your viewers
from being able to use it (the amount vastly differs according to the
demographics of your audience, my site http://ntbugtraq.rc.on.ca has a
viewer community that is fully 90% IE users).

So whether or not its "really cool" to be a communist may still be a
question for you, but the answer to your question is that serving up
ActiveX objects is no different than serving up any file from your web
site. They download it and it runs on their machine. If you provide some
server to interact with your application (not your web server) then the
issue is different, but if you merely supply them with the object and
maybe some data, you're fine.

Too bad you can't ask a security question and get a security answer,
instead of some hype borne out of frustration.

>We had independance from proprietary standards.

Geez, you make it sound like it was bliss. When exactly was this nirvana
anyway? Before or after RealAudio? Too bad Microsoft came along and
totally destroyed the web, eh? After all, it was Microsoft that invented
HTML-based SMTP, wasn't it? or was it?

>The real reason to not use ActiveX is because you probably
>don't need to

Wow, this is astute. Since when did need have to be the only reason?

>, and you're segmenting out your marketplace to pay
>homage to a vendor.

Do you honestly believe what you wrote here Adam? Do you honestly
believe that all of the people writing ActiveX objects are doing so
because they want to pay homage to Microsoft? Maybe they just want to
leverage something they already have written and don't feel like
re-writing the thing in Java, amongst a hundred other reasons that don't
involve laying tribute at Microsoft's feet.

>Also, there are all sorts of security problems
>with Microsoft's implementations.

Um, with the browser, right? After all, ActiveX at the server is nothing
more than a data file, isn't it, which was, after all, the poster
question. But I suppose one must, as you obviously do, consider the
possibility of someone writing a secure object impossible.

>Many firewalls filter ActiveX, just like you do(?).

Really? I didn't think we had gotten to the stage of "many" yet Adam.
Not that they shouldn't offer the option, or that people shouldn't
employ the option if its there, I just didn't think there were that many
that did yet.

>So why are you creating web pages that your own company
>wouldn't allow in?

Probably because most do not block ActiveX.

BTW, I'm not calling anyone a communist here, it was just a convenient
analogy.

Cheers,
Russ
R.C. Consulting, Inc. - NT/Internet Security
owner of the NTBugTraq mailing list:
http://ntbugtraq.rc.on.ca/index.html

[prev in list] [next in list] [prev in thread] [next in thread]