[30832] in bugtraq
ActiveX security resources
daemon@ATHENA.MIT.EDU (Michael Howard)
Mon Jul 21 14:02:44 2003
Date: Mon, 21 Jul 2003 10:46:59 -0700
Message-ID: <4B0F3B603558B44B9F4608630B4F641108115BC8@red-msg-06.redmond.corp.microsoft.com>
From: "Michael Howard" <mikehow@microsoft.com>
To: <bugtraq@securityfocus.com>

Following recent emails about securing ActiveX controls, we would like
to bring the following resources to developers' attention:

_Designing Secure ActiveX Controls_
Guidelines for building secure ActiveX controls, especially controls
marked safe for scripting.
http://msdn.microsoft.com/workshop/components/activex/security.asp

_SiteLock Template 1.04 for ActiveX Controls_
The SiteLock template enables an ActiveX developer to restrict access so
the control is only deemed safe in a predetermined list of domains. This
limits the ability of Web page authors to reuse the control for
malicious purposes.
http://msdn.microsoft.com/downloads/samples/internet/components/SiteLock/default.asp

Cheers, Michael
Writing Secure Code 2nd Edition
http://www.microsoft.com/mspress/books/5957.asp