"David N. Murray" <dmurrayat_private> wrote: > What can computer manufacturers and software companies do about the > problem > of security holes in pre-installed ActiveX controls? As it turns out, > Internet Explorer 5 already offers a great solution. IE5 supports a new > feature called HTML applications (or .HTA files). An HTML Application > is > built like a Web page but can only be loaded and execute from the hard > drive. Because an .HTA file comes from the local drive and not the > Internet, scripts on the page are a completely trusted and are allowed > to > use all ActiveX controls installed on a system whether the controls are > marked safe or not. For an HTML application, none of its private > ActiveX > controls have to marked safe for scripting and therefore the controls > cannot > be misused on Web pages. > I hate to burst your bubble, but .HTA files can come from the Internet. When an IE4 or IE5 browser encounters a .HTA file on the Internet, it prompts with a typical open/save dialog box. If you tell the dialog to open it, it runs on your system with fully trusted permissions (i.e. no security). For an example of a .HTA from the Internet go to... http://msdn.microsoft.com/workshop/essentials/versions/Ie5hta.asp and look for a link on the page with the text: "Here's how this simple HTA looks". McKay ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:54:45 PDT