Bugtraq mailing list archives
Re: Active X exploit.
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 27 Aug 1997 21:25:23 +0100
What ActiveX doesn't have is a sandbox. That's different than saying that there's no security. ActiveX controls are _signed_ DLLs. You run the code if you trust the signer. If you do, you know that no one has tampered with the code since the signer signed it. That's more secure than what I buy at the store.
When sir, was the last time you walked into a store and every time you looked at a package it automatically installed itself and ran ? Signing things is good practice, and its one I'm pleased to see many OS and product vendors adopting. Automatically running things that are signed is a different matter. Alan
Current thread:
- Re: Active X exploit. Andreas Bogk (Aug 26)
- <Possible follow-ups>
- Re: Active X exploit. Paul Leach (Aug 26)
- Re: Active X exploit. Casper Dik (Aug 27)
- Re: Active X exploit. David Holland (Aug 27)
- Re: Active X exploit. Alan Cox (Aug 27)
- Re: Active X exploit. Lutz Donnerhacke (Aug 27)
- Re: Active X exploit. Paul Leach (Aug 27)
- Re: Active X exploit. Erik Tornstam (Aug 28)
- Re: Active X exploit. Frank Kargl (Aug 28)