[4650] in WWW Security List Archive


Re: more active-x

daemon@ATHENA.MIT.EDU (David M. Chess)
Tue Mar 4 15:42:10 1997

Date: Tue, 4 Mar 97 13:17:37 EST
From: "David M. Chess" <CHESS@watson.ibm.com>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

So does anyone have any idea how SurfinShield Xtra might
actually work?  I've been telling people right and left
that ActiveX is intrinsically incompatible with a
partial-trust model like Java's, because once the
ActiveX control starts running, it can do anything it
likes.  And now Finjan implies they can keep a running
ActiveX control from doing certain things to the
filesystem and the network.  Have they written an
access-control system that sits on top of Win95?
Seems moderately unlikely.  Or do they just prevent
ActiveX controls from writing to the filesystem by
refusing to let them run at all?  *8)

DC

