On 10/2/05, gnor / x-mail.net <gnor / x-mail.net> wrote:
> [...] And, if aString is "WScript.Network", Mr. Bad Guy can wreak
> havoc there. [...]

Actually, most of the elided isn't true. One cannot randomly execute WSH
stuff from web pages. One has *never* been able to randomly execute WSH
stuff from web pages without there being some other exploit in the first
place.

> Windows indiscriminately giveth away the full API. Under *NIX, this is
> slightly better.

Again, this isn't really true.

[...]

Security is available in Ruby, but ultimately it's up to the developer
and the deployer to ensure that they follow secure practices.

-austin
--
Austin Ziegler * halostatue / gmail.com
               * Alternate: austin / halostatue.ca