Re: Re: Re: Re: ActiveState's HTML documentation

I'm not entirely sure if you fully grok the concept of the Windows Scripting Host.

The idea is that when any program uses the WSH for it's scripting, any WSH compatible language can be used. Take dIRC, a simple IRC client which uses the WSH. You can use any language to program it, even ones released after the program was released. People can chose to code in whatever language the like, be it from ObjectRexx to TCL.

You say that PerlScript's more dangerous than JavaScript, but I doubt that this is true, especially considering that both will be given the same permissions. PerlScript only runs with the permissions it's given, and obviously those permisions are different based on whether it's through Internet Explorer, through ASP, or through something entirely seperate.

And PerlScript is _much_ closer to Perl than Javascript will ever be to Java.

Comment on Re: Re: Re: Re: ActiveState's HTML documentation

Replies are listed 'Best First'.
PerlScript is painful (was ActiveState's HTML documentation) by $code or die (Deacon) on Sep 04, 2001 at 17:47 UTC
I fully grok the concept of the Windows Scripting. I've written countless Windows Script components and have recently written Inline::WSH (although it's not in a fit enough state to be released to the public). PerlScript is _much_ closer to Perl than Javascript will ever be to Java. Exactly!! But remember that JScript is also different to JavaScript, Javascript isn't a Windows Scripting language - Jscript, however is. Remember I was talking about using Perlscript in the client's browser - not in applications like dIRC and not in ASP and not in WSC. Please see my new mediation on this subject And if you still don't think it's a risk then I'll be happy to give you a demonstration of how I can email myself copies of your private files and shutdown your machine by you simply navigating to one of my pages. or reading an email from me. Error: Keyboard not attached. Press F1 to continue.	[reply]
Re: Re: Re: Re: Re: ActiveState's HTML documentation by John M. Dlugosz (Monsignor) on Sep 04, 2001 at 19:39 UTC
but I doubt that this is true, especially considering that both will be given the same permissions. PerlScript only runs with the permissions it's given, and obviously those permisions are different based on whether it's through Internet Explorer, through ASP, or through something entirely seperate. What "permissions" is that? OS-level access to files and certain abilites is based on the user attached to the thread. Does a script in a client run as a restricted user? I don't think so, since I used PerlScript in a local window for an application (before Win32 Tk was mature enough) and didn't run into access problems. Do you mean it sandbox's various Perl abilities, like accessing files at all, in the same manner as Java? I can see how that's possible on the surface because the Perl DLL is customized by the main program to point to the system interfacing code including file I/O, and the ActiveX script engine could put logic there. But, does it also have hooks to prevent loading of unapproved pm's, and does every XS writer also put in these permission checks? I don't think it would stay sandboxed, unless it was totally gagged from the beginning. Basically, it's an intractable problem. Unless sandboxing is built into the language (and its extension features) from the onset, any fully-capable language can get around any after-the-fact security. Windows XP is supposed to have a totally different security model, which restricts access to things based on the program that's asking rather than the logged on user. That sounds like a major improvement, thanks to the way most Win32 systems are set up.	[reply]


Syntactic Confectionery Delight
	PerlMonks