|
|
ActiveX security resources: msg#00308security.bugtraq
Following recent emails about securing ActiveX controls, we would like to bring the following resources to developers' attentions: _Designing Secure ActiveX Controls_ Guidelines for building security ActiveX controls, especially controls marked safe for scripting. http://msdn.microsoft.com/workshop/components/activex/security.asp _SiteLock Template 1.04 for ActiveX Controls_ The SiteLock template enables an ActiveX developer to restrict access so the control is only deemed safe in a predetermined list of domains. This limits the ability of Web page authors to reuse the control for malicious purposes http://msdn.microsoft.com/downloads/samples/internet/components/SiteLock /default.asp Cheers, Michael Writing Secure Code 2nd Edition http://www.microsoft.com/mspress/books/5957.asp |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | RE: Re: FW: Windows Update - Unsafe ActiveX control (fwd): 00308, liudieyuinchina |
|---|---|
| Next by Date: | Re: CGI.pm vulnerable to Cross-site Scripting: 00308, Erwann CORVELLEC |
| Previous by Thread: | Path disclosure and file retrieving in AtomicBoard-0.6.2i: 00308, gr00vy |
| Next by Thread: | [CLA-2003:698] Conectiva Security Announcement - apache: 00308, Conectiva Updates |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |