The Motley Fool Discussion Boards

Previous Page

Computers, Phones & Internet / Help with this STUPID computer!


Subject:  Re: Yet another Java flaw Date:  10/3/2012  1:18 PM
Author:  mmrmnhrm Number:  182043 of 198376

It's actually significantly different from PHP, ASP, .NET, and VB (as far as using a web browser goes). Those never run on the client machine and only end up rendering HTML. While Java can run on the back end as those do, in that manner it doesn't present a risk to the users themselves. It's when it's running on the client itself that is the problem (which is also an issue with Flash and, to a lesser extent, HTML 5).

To a programmer, you're 100% correct. To an end user, though, there's no meaningful difference. Sort of how Peter viewed a store-bought application such as Office as being more "trustworthy" than Zynga's latest Farmville rip-off... the only thing server-side dynamic code generation does is add the extra step of forcing the bad guys to create a malformed request via PHP, CGI, or whatever server-side language is being used, uploading it to the server, then exploiting the results to hijack the server itself before sending malicious payloads to end users. The end user doesn't know that the code came from a hacked server rather than an infected app, only that their computer is once again acting really weird, and the kid down the street told them to just buy a new one and start over.
Copyright 1996-2018 trademark and the "Fool" logo is a trademark of The Motley Fool, Inc. Contact Us