TIP: Click on subject to list as thread! ANSI
echo: rberrypi
to: DELOPTES
from: MARTIN GREGORIE
date: 2020-08-17 14:55:00
subject: Re: Lightweight Browser
On Mon, 17 Aug 2020 15:22:52 +0200, Deloptes wrote:

> but how do you know it is web server extention?
>
Standard issue web servers only read the requested plain text  from the
host filing system and send that to the requester without modification.
Images etc are retrieved and displayed by the browser as it prepares the
page of text for display to the user. This is all the web server is
designed and built to do.

The code needed to process anything, such as PHP or Javascript inserts in
the web page is not a core part of the web server, so you have to install
code such as PHP and Javascript interpreters separately from the HTML
server and then configure the server to call them. By definition these
external functions are known as server extensions since they are not
integral parts of the web server.

Since the extension calling mechanism exists, it is also possible to
write custom extensions in C, Java or any other language you prefer and
either embed triggers for them in the web pages you're serving or to call
an extension to generate the page text instead of reading it from a
filing system.

The latter is how sites such as eBay and Amazon work and is also how
adverts get injected into pages.


> Look, it is about who takes the responsibility. In your words some third
> party without the knowledge of web site owner alters the content, which
> IMO is not correct.
>
Don't put words in my mouth.

I said that the AUTHOR of the page does not make these alterations, but
the *owner of the web server* can and often does configure his webserver
to do stuff such as injecting adverts into pages that other people, e.g.
Wikipedia volunteer editors, have written.


> The fact that the content comes via SSL to you means no one is altering
> it between you and the server

Not strictly true - Man-in-the-middle-attacks can do exactly that. Almost
certainly The Great Wall Of China could do it too, but it mostly just
blocks stuff it doesn't like. GCHQ and the NSA could also modify messages
in transit if they wanted to but are more interested in reading them.

> and it means (presumably the server is not compromised)
>
Correct

> you see exactly what the web site owner wanted you to see
>
also correct.

> including the tons of advertisement that no one knows where is coming
> from.
>
incorrect: the web server owner knows exactly where the ads are coming
from because he's getting paid to inject them into outgoing pages.


--
Martin    | martin at
Gregorie  | gregorie dot org

--- SoupGate-Win32 v1.05
* Origin: Agency HUB, Dunedin - New Zealand | FidoUsenet Gateway (3:770/3)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.