Stupid ebay/amazon question

[Christopher Schmidt]

On Thu, Jun 29, 2006 at 01:22:43PM -0400, John Abreau wrote:
> Christopher Schmidt wrote:
> 
> > 
> > And all of this is completely unrelated to the discussion at hand, which
> > is a question of whether there is code inside of eBay's HTML,
> > Javascript, etc. which external users placing content on eBay's servers
> > can exploit to get access to your personal information as known by eBay.
> > 
> 
> I've seen some pretty fancy auction pages on eBay, some of which would
> be difficult for the seller to create without some sort of dynamic
> html capability such as php.  

There is no publicly identified way for users to run pages on *eBay's
servers*. If you find evidence to the contrary, I would be very
interested in seeing it. 'It looks dynamic' doesn't mean much to me.
You could include an iframe in an ebay auction page, and have it load
all the data from some other server, which would give you the look that
you've described, without needing to run code on eBays's server.

> As I pointed out in an earlier reply in
> this thread, if a seller can use anything like php, asp, or jsp, then
> they potentially have access to any and all data your browser passes
> to eBay's web server.  If you're logged into ebay at the time, I imagine
> that probabyl includes your ebay login name.

It sounds like we are in agreement that running code on the server
generating the auction page would mean something different from being
able to include pages from another site. I've seen much evidence of the
latter, and never seen any evidence of the former.

-- 
Christopher Schmidt
Web Developer