No. of Recommendations: 0
It's actually significantly different from PHP, ASP, .NET, and VB (as far as using a web browser goes). Those never run on the client machine and only end up rendering HTML. While Java can run on the back end as those do, in that manner it doesn't present a risk to the users themselves. It's when it's running on the client itself that is the problem (which is also an issue with Flash and, to a lesser extent, HTML 5).

To a programmer, you're 100% correct. To an end user, though, there's no meaningful difference. Sort of how Peter viewed a store-bought application such as Office as being more "trustworthy" than Zynga's latest Farmville rip-off... the only thing server-side dynamic code generation does is add the extra step of forcing the bad guys to create a malformed request via PHP, CGI, or whatever server-side language is being used, uploading it to the server, then exploiting the results to hijack the server itself before sending malicious payloads to end users. The end user doesn't know that the code came from a hacked server rather than an infected app, only that their computer is once again acting really weird, and the kid down the street told them to just buy a new one and start over.