From: Paul Vet (paul.vetbaldhead.com)
Date: Mon Jun 03 2002 - 09:33:34 CDT

    Could you give those of us unfamiliar with the specifics of .net a description of
    the new security model? In what way is it better?

    Is it possible to differentiate between .net Active-X controls, and
    "standard" ones? Why would malicious coders bother to use the .net
    controls if they will be more restricted when they can just write them in
    the old model with 100% system access?

    Thanks,
    Paul.

    -----Original Message-----
    From: Elan Hasson [mailto:elandaryl.org]
    Sent: Monday, June 03, 2002 10:13 AM
    To: David Garnier; webmasterTHEMCLONES.COM
    Cc: webappsecsecurityfocus.com
    Subject: RE: Autoexec Prober

    .net has a way better security model.

    -----Original Message-----
    From: David Garnier [mailto:david.garnieririsa.fr]
    Sent: Monday, June 03, 2002 3:30 AM
    To: webmasterTHEMCLONES.COM
    Cc: webappsecsecurityfocus.com
    Subject: Re: Autoexec Prober

    The security model of Active-X controls goes like that:
    "If you allow a digitally signed Active-X control to run, it can do
    whatever it wants to do. It is safe because you trust the signer of the
    control."

    So ok, you demonstrated that Microsoft's view of mobile code security is
    flawed, especially compared to the sandbox model of Java.

    Best regards,
    David Garnier