Following recent emails about securing ActiveX controls, we would like
to bring the following resources to developers' attentions:
_Designing Secure ActiveX Controls_
Guidelines for building security ActiveX controls, especially controls
marked safe for scripting.
http://msdn.microsoft.com/workshop/components/activex/security.asp
_SiteLock Template 1.04 for ActiveX Controls_
The SiteLock template enables an ActiveX developer to restrict access so
the control is only deemed safe in a predetermined list of domains. This
limits the ability of Web page authors to reuse the control for
malicious purposes
http://msdn.microsoft.com/downloads/samples/internet/components/SiteLock
/default.asp
Cheers, Michael
Writing Secure Code 2nd Edition
http://www.microsoft.com/mspress/books/5957.asp
to bring the following resources to developers' attentions:
_Designing Secure ActiveX Controls_
Guidelines for building security ActiveX controls, especially controls
marked safe for scripting.
http://msdn.microsoft.com/workshop/components/activex/security.asp
_SiteLock Template 1.04 for ActiveX Controls_
The SiteLock template enables an ActiveX developer to restrict access so
the control is only deemed safe in a predetermined list of domains. This
limits the ability of Web page authors to reuse the control for
malicious purposes
http://msdn.microsoft.com/downloads/samples/internet/components/SiteLock
/default.asp
Cheers, Michael
Writing Secure Code 2nd Edition
http://www.microsoft.com/mspress/books/5957.asp
[ reply ]