have browser, will travel
In case you haven't seen it, here's the silly security advisory from CERT.
This has been an issue since the beginning of web time - it's amusing that it's coming to the front now.
Dvorak believes CERT is now Microsoft's mouthpiece to help them revive the old proprietary MSN. I was a subscriber on MSN in '95 when Win95 came out. I actually liked that service. (ducking)
When I first read the CERT advisory, the first thing I thought was, "That's funny, WebObjects apps are immune to this problem!"
WebObjects' "WOString" element, which is used to output a string to a web page, has a property called "escapeHTML". It's set to YES (true) by default. To make a WO app vulnerable to "Cross-site scripting" holes, you'd have to set that property (manually) to NO (false).
Of course, there are times (not many, depending on your app) you need to set escapeHTML to NO, but when you do that, you need to be smart.
New Apple TechInfo Library Article: WebObjects and Dynamic Content. (Found at Stepwise)
have browser, will travel
I received this e-mail from FreeMac today: (this is just a snippet)
Unfortunately, Apple Computer had a change of heart and decided not to allow us to purchase Apple iMacs from them at wholesale prices.
Frankly, we were surprised by Apple's decision, but we were not discouraged. We advised them that we would still be willing to acquire iMacs by paying FULL RETAIL PRICE! And Apple Computer still said no. They did more than say no. They prohibited their major retail accounts from selling us iMacs -- even at regular retail prices! And so we've reached a point where we have to deliver what I know is some very disappointing news to many of you. We simply aren't being allowed to purchase the iMac computers to distribute to you. Apple Computer has left us no choice here.
I'm not an economist, I'm not even good with money. Could somebody PLEASE EXPLAIN to me why Apple wouldn't want to sell a million iMacs to this company?
have browser, will travel
In response to my little piece about freed software, John "St. Nick" Nicholas shares his experience with a proprietary software company.
Roepcke Computing Solutions
Archive Calendar
Blogroll
Saved Searches
- WebObjects on Twitter Tweets about WebObjects (without all the iTunes store tweet spam)
Willing to Fail
WebObjects book
Badges
Recent tweets
- @therawtwinkie I sincerely hope the changes help you, but I fear it's a sellout to the insurance co's, & in the long run it only helps them. in reply to therawtwinkie 6 hrs ago
- I feel bad for my American friends today. They wanted change not more corporate control over their lives. Nobody seems happy about #hcr bill 6 hrs ago
- @grouchoduke *cough*iPad*cough* in reply to grouchoduke 11 hrs ago
- More updates...