Maybe security is of higher importance than convenience?
In particular in multi-user systems there's no reliable way to detect
that you've wandered into another user's directory. This can happen on
Windows and Mac just as much as Linux or Unix of course. So there was
a class of attacks that involved getting a user to load a script that
someone else had written.
Rather like double-clicking on a Word document with macros, in fact.
It's all a workaround for the fact that we're using operating systems whose
security model is 50 years out of date. Where there's a strong distinction
between "programs" and "data" that's unrealistic in today's world, and where a
program is either trusted or untrusted, and if it's trusted then it can do
anything, and if it's not trusted then it can do nothing.
I guess we'll have to wait for an even bigger cyber-disaster before the world
wakes up to the fact that it doesn't have to be like this. Meanwhile, browsers
are trying to provide a layer of protection that ought to be provided in the
operating system, and of course they're doing it really clumsily.
Michael Kay
Saxonica
--~----------------------------------------------------------------
XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
EasyUnsubscribe: http://lists.mulberrytech.com/unsub/xsl-list/1167547
or by email: xsl-list-unsub(_at_)lists(_dot_)mulberrytech(_dot_)com
--~--