ActiveX security

Prentiss Riddle riddle at is.rice.edu
Tue Oct 29 10:39:12 EST 1996


> From web4lib at library.berkeley.edu  Mon Oct 28 17:41:41 1996
> Date: Mon, 28 Oct 1996 15:43:30 -0800
> From: Peter Kumaschow <peterk at opennet.net.au>
> To: Multiple recipients of list <web4lib at library.berkeley.edu>
> Subject: Re: Java/JavaScript security
> 
> I've heard that ActiveX is even worse. Does anyone have a resource
> that discusses ActiveX security issues?

From what I understand, while Java tries to ensure a secure environment
in which untrusted programs can do no harm, ActiveX programs are given
relatively free rein.  Instead, there are plans to support
authentication of ActiveX programs so you can know who you are trusting
when you run one.  (That's the theory, anyway -- personally I'm
doubtful.  Even if the authentication system could be made to work
reliably, I think that naive users would run programs from
hackers-R-us.org anyway.)

The usual WWW security sites don't have much on ActiveX.  My guess is
that academics are more interested in Java.

The WWW Security FAQ C|Net has a brief page on ActiveX security:

	http://www.activex.com/security.html

Then there's the "ActiveX Exploder", a program that demonstrates
ActiveX security problems by powering down a Windows95 box:

	http://www.halcyon.com/mclain/ActiveX/

If anyone knows of other useful sites, I'd like to hear about them.

-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle at rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
-- Opinions expressed are not necessarily those of my employer.

