>From my limited knoweledge on Telescript, one of the things their "security"
is based on, is Authorization. Only the scipts that are authorized at the
client side are permitted to execute, nothing else. I did something similar
to take care of the "security risk" involved in handling application/x-csh
by browsers. Wrote my own quick-and-dirty parser that does a fork and
exec on the scripts sent by servers based on client-side user-authorization.
More info available at:
http://www.eit.com/software/vsafecsh/vsafecsh.html
This approach requires users to be security aware, and be able to distinguish
between buggy and useful scripts however...
My $0.02....
-- Vinay Kumar vinay@eit.com> This has meant focussing > on the API between the client and script interpreter rather than an early > selection of language. Both Telescript and Safe-Tcl were designed with > different environments in mind, and we need to be creative about our needs > for fill-out forms and later on perhaps, for coordinating different media. > I also feel that the Web deserves a scripting language that makes it > especially easy for novices to get started. Does Telescript or Safe-Tcl > really match up to this? > -- > Best wishes, > > Dave Raggett