|
Posted by Andy Dingley on 12/27/06 16:10
galt_57@hotmail.com wrote:
> Is this stuff justified?
What stuff?
Flash is excellent for any site that needs (NB - needs) to have
animated graphics beyond that easily obtained by trivial CSS or
JavaScript. This doesn't include trivial page logos, and especially not
crucial nav menu buttons. However there's still plenty where Flash is
appropriate and useful.
ActiveX is also useful, for a bare handful of "well-known" controls.
But after you've installed them on your new desktop from the half-dozen
trustworthy sites that offer them, then lock the machine down hard and
never install another.
The difference between Flash and ActiveX is in the separation of risk
and content. Flash is a high-risk component from one site (hopefully
and which can be trustworthy) that allows you safe promiscuous access
to Flash content from many untrustworthy sites. You _install_ it
carefully, then you're safe to go anywhere.
ActiveX is sometimes like this (good, as described above) but
potentially different and hazardous. With random ActiveX components
from different sites it's a promiscuous install, and that's where the
danger lies. Certainly don't allow them to be installed from anywhere.
ActiveX also has some other problems. It's from M$oft, who don't have a
credible track-record for security. It's also harder to prove that an
ActiveX from a trusted source is still safe when deliberately
mis-handled by a rogue site (M$oft shipped a real doozy for this back
in '97, in the very first release of ActiveX). Also the "signed" aspect
of ActiveX is laughably insecure.
[Back to original message]
|