Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Active X exploit.
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 27 Aug 1997 21:25:23 +0100

What ActiveX doesn't have is a sandbox. That's different than saying
that there's no security.

ActiveX controls are _signed_ DLLs. You run the code if you trust the
signer. If you do, you know that no one has tampered with the code since
the signer signed it.

That's more secure than what I buy at the store.

When sir, was the last time you walked into a store and every time you
looked at a package it automatically installed itself and ran ?

Signing things is good practice, and its one I'm pleased to see many
OS and product vendors adopting. Automatically running things that are
signed is a different matter.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]