Results, Not Resolutions
Bruce Schneier and Adam Shostack, SecurityFocus 2002-01-24

A guide to judging Microsoft's security progress.

Results, not Resolutions 2002-01-24
Anonymous
Results, not Resolutions 2002-01-24
Gary McGraw
Results, Not Resolutions 2002-01-24
David Litchfield (2 replies)
Results, Not Resolutions 2002-01-24
davep (at) pitt (dot) edu [email concealed] (1 replies)
Results, Not Resolutions 2002-01-25
Nicholas Harring
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-24
Anonymous (1 replies)
Results, Not Resolutions 2002-01-24
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Well, to conclude: Use Java, M$ 2002-01-25
Anonymous (1 replies)
Well, to conclude: Use Java, M$ 2002-01-25
Trithemius (1 replies)
Well, to conclude: Use Java, M$ 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
BMaximus
SOAP Recommendation is Silly 2002-01-25
Anonymous (1 replies)
SOAP Rec is correct 2002-01-26
Anonymous
Almost right on the compensation 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Anonymous
Results, Not Resolutions 2002-01-25
Chris
Regarding macros in documents... 2002-01-25
Anonymous
Regarding the 'macros should NOT be stored in documents'.

Surely this is a little strong. It should be possible to store macros in documents IMO, BUT the macros should be effectively sandboxed such that they can only (a) deal with the document containing the macro OR (b) create a new document, and cause actions to be done on THAT document (and, at the option of the macro in the creating document, allow macros in the new document to affect the old document). Anything more than this MUST require a separate template-like system for 'more powerful' macros. etc. etc.

Basically this is a 'tainting' system for the effects of macros so that a macro can only affect a document that 'trusts' it. But I think that simply banning macros is a little heavy handed --- most are harmless, useful and convenient to have in the relevant document, and one need not necessarily ditch macros in documents lock, stock and barrel.

Things getting out of hand here? 2002-01-26
Toni Heinonen
Microkernel smog 2002-01-27
Grumpf
Inaccuracies and crazy talk 2002-01-28
Anonymous
Results, Not Resolutions 2002-01-28
Anonymous







 

Copyright 2007, SecurityFocus