lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 21 Jul 2003 10:46:59 -0700 From: "Michael Howard" <mikehow@...rosoft.com> To: <bugtraq@...urityfocus.com> Subject: ActiveX security resources Following recent emails about securing ActiveX controls, we would like to bring the following resources to developers' attentions: _Designing Secure ActiveX Controls_ Guidelines for building security ActiveX controls, especially controls marked safe for scripting. http://msdn.microsoft.com/workshop/components/activex/security.asp _SiteLock Template 1.04 for ActiveX Controls_ The SiteLock template enables an ActiveX developer to restrict access so the control is only deemed safe in a predetermined list of domains. This limits the ability of Web page authors to reuse the control for malicious purposes http://msdn.microsoft.com/downloads/samples/internet/components/SiteLock /default.asp Cheers, Michael Writing Secure Code 2nd Edition http://www.microsoft.com/mspress/books/5957.asp
Powered by blists - more mailing lists