ActiveX Security Questions

[Robert Sullivan]

>Second, can NTFS file permissions protect us from the security problems
>with IE5 and ActiveX?

I have asked this question on several lists in a different way - if your NTFS
permissions are set properly, can ActiveX (or anything else) cause damage that
the user would not otherwise have rights to do?

>"Unfortunately, the ActiveX control has free access to the user's file
>system and can easily be made to run amok, overwriting vital system files
>or planting Trojan Horse programs within the system.

We have operated for nearly two years without any problems of this nature, and
I am inclined to think that if your patrons can't overwrite the system files,
you're safe.  It would be nice to have confirmation of this, though.

Technical note: we use very restrictive file and directory permissions
(Internet Explorer doesn't have any problems with that), but have the browser
security set low to avoid the errors Donna mentioned.

Bob Sullivan                               scp_sulli at sals.edu
Schenectady County Public Library (NY)     http://www.scpl.org