(no subject)
Looking up info about AJAX and remote scripting, I came across an article by someone who obviously works with satan ASP satan, about how remote scripting has been around since the very early days of ASP and was implemented in IE3. He goes on to say:
Quote from the article
What really has happened to fire this AJAX "repackaged evangelism" is that the Mozilla / Firefox people finally got religion and realized they needed to put in the equivalent of the XMLHTTP request object that has been in Microsoft's browsers since ancient history. Only, theirs is stunted- MSXML XMLHTTP can make a request to a resource on a different domain, and the Firefox implementation can not. (Sounds kinda like Natasha saying "Boris, you got PLAN?" -- while shooting him in the foot!).
So, it's a bad thing that Mozilla/Firefox (and all other mainstream browsers barring IE) has actually implemented it and not used an extra-over-the-top ActiveX plugin, is it? And it's stunted because it can't make a request to a different domain? Bollocks to you, mate, that's called making it a standard (which, as usual, IE is the only browser to do things differently) and adding a little fucking security! Fine, IE and ASP have been able to do remote scripting on specialised set ups (both server and client side due to the nature of ASP and ActiveX respectively) and it not too many people have been using it (or even known about it), but honestly, now that it's a "buzzword" that everyone's "jumping on the bandwagon of" (or, in actual terms, people who aren't elitest ASP/MS fucks are actually starting to hear about it and it be usable on a wide scale, rather than having to use IE [ew], ASP [ewew], MS's 'implementation' [ewewew] and a Windows server [ewewewewewEW!]) then being able to do remote-scripting across domains is completely and utterly asking for hacking and hijacking of Remote Scripting sites. Access to off-domain resources through the XMLHTTPRequest method wasn't errorneous on Mozilla's part, it was intentional. You allow any website to access any other site's remote scripts and it opens the door for real-time content stealing, restricted information from the site being openly available to anyone with knowledge of AJAX/RS/XMLHTTPRequest, even control of the website being taken over, depending on the level of implementation, amount of security checking and such.
Sure, you could batton down your scripts, make sure it's coming from the right place but you'd spend half the script on the security and it's possible to fake all information sent to the server from the client ANYWAY. So how do you make something like this secure? You disable cross-fucking-domain requests being made! Eh, hardly surprising the guy's so opinionated about it, he is evangalising ASP, of all things.
Oh, not to mention he was banging on about how great JSRS (JavaScript Remote Scripting) was and how it's been around for ages because it's simply using javascript and an IFrame as the 'connection,' which, in my view, is a poor way of achieving such functionality and is most likely why Remote Scripting has only just come to the fore-front, ya know, what with the XMLHTTPRequest object being actually fully implemented into non-IE browsers while IE lingers behind with an Active-"disabled-on-most-computers-with-good-reason"-X (*cough*viruses*cough*spyware*cough*adware*coughcoughcough*) plugin.
Quote from the article
What really has happened to fire this AJAX "repackaged evangelism" is that the Mozilla / Firefox people finally got religion and realized they needed to put in the equivalent of the XMLHTTP request object that has been in Microsoft's browsers since ancient history. Only, theirs is stunted- MSXML XMLHTTP can make a request to a resource on a different domain, and the Firefox implementation can not. (Sounds kinda like Natasha saying "Boris, you got PLAN?" -- while shooting him in the foot!).
So, it's a bad thing that Mozilla/Firefox (and all other mainstream browsers barring IE) has actually implemented it and not used an extra-over-the-top ActiveX plugin, is it? And it's stunted because it can't make a request to a different domain? Bollocks to you, mate, that's called making it a standard (which, as usual, IE is the only browser to do things differently) and adding a little fucking security! Fine, IE and ASP have been able to do remote scripting on specialised set ups (both server and client side due to the nature of ASP and ActiveX respectively) and it not too many people have been using it (or even known about it), but honestly, now that it's a "buzzword" that everyone's "jumping on the bandwagon of" (or, in actual terms, people who aren't elitest ASP/MS fucks are actually starting to hear about it and it be usable on a wide scale, rather than having to use IE [ew], ASP [ewew], MS's 'implementation' [ewewew] and a Windows server [ewewewewewEW!]) then being able to do remote-scripting across domains is completely and utterly asking for hacking and hijacking of Remote Scripting sites. Access to off-domain resources through the XMLHTTPRequest method wasn't errorneous on Mozilla's part, it was intentional. You allow any website to access any other site's remote scripts and it opens the door for real-time content stealing, restricted information from the site being openly available to anyone with knowledge of AJAX/RS/XMLHTTPRequest, even control of the website being taken over, depending on the level of implementation, amount of security checking and such.
Sure, you could batton down your scripts, make sure it's coming from the right place but you'd spend half the script on the security and it's possible to fake all information sent to the server from the client ANYWAY. So how do you make something like this secure? You disable cross-fucking-domain requests being made! Eh, hardly surprising the guy's so opinionated about it, he is evangalising ASP, of all things.
Oh, not to mention he was banging on about how great JSRS (JavaScript Remote Scripting) was and how it's been around for ages because it's simply using javascript and an IFrame as the 'connection,' which, in my view, is a poor way of achieving such functionality and is most likely why Remote Scripting has only just come to the fore-front, ya know, what with the XMLHTTPRequest object being actually fully implemented into non-IE browsers while IE lingers behind with an Active-"disabled-on-most-computers-with-good-reason"-X (*cough*viruses*cough*spyware*cough*adware*coughcoughcough*) plugin.