Re: Active X exploit.

Alan Cox (alan@LXORGUK.UKUU.ORG.UK)
Wed, 27 Aug 1997 21:25:23 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Yuri Volobuev: "syslogd fun"
Previous message: Christopher Craig: "Re: More ssh fun (sshd this time)"
Maybe in reply to: Peter Shipley: "Active X exploit."
Next in thread: Frank Kargl: "Re: Active X exploit."

> What ActiveX doesn't have is a sandbox. That's different than saying
> that there's no security.
>
> ActiveX controls are _signed_ DLLs. You run the code if you trust the
> signer. If you do, you know that no one has tampered with the code since
> the signer signed it.
>
> That's more secure than what I buy at the store.

When sir, was the last time you walked into a store and every time you
looked at a package it automatically installed itself and ran ?

Signing things is good practice, and its one I'm pleased to see many
OS and product vendors adopting. Automatically running things that are
signed is a different matter.

Alan

Next message: Yuri Volobuev: "syslogd fun"
Previous message: Christopher Craig: "Re: More ssh fun (sshd this time)"
Maybe in reply to: Peter Shipley: "Active X exploit."
Next in thread: Frank Kargl: "Re: Active X exploit."