WebApp Sec mailing list archives
Re: ActiveX controls within an Intranet Environment
From: GuidoZ <uberguidoz () gmail com>
Date: Fri, 26 Nov 2004 17:49:08 -0800
Hello Marian! I was under the same situation before. One of the companies I was supporting used a proprietary ActiveX control to handle some of their business. Unfortunately, this made weaning them off of IE next to impossible. ActiveX in itself is inherentely insecure and should be avoided when possible, IMHO. Eventually I was able to have them move to a Java based solution instead which helepd with security AND allowed cross browser/platform capability. Was wonderful news when it was finally implemented and everythign was working. I never tried to do any real studies on the actual risks involved with that particular app, although most are aware of the risks associated with ActiveX as a whole. Just link Windows, it wasn't designed with security in mind, but with functionality instead. Doing some quick Google searches on "activex risks" or "activex security" should reveal a plethora of resources and information on the topic. -- Peac.e ~G On Fri, 26 Nov 2004 13:48:57 +1300, Marian Fitzgerald <marian.fitzgerald012 () msd govt nz> wrote:
Hello all, I am carrying out a risk assessment on an application that we are looking to deploy internally - however there is a dependency on ActiveX by the app. I am constantly receiving security updates on the vulnerabilities associated with using ActiveX but would like to be able to quantify the risks appropriately. Could you offer any input on this? Thank you Marian ------------------------------- This email message and any attachment(s) is intended only for the person(s) or entity(entities) to whom it is addressed. The information it contains may be classified as IN CONFIDENCE and may be legally privileged. If you are not the intended recipient any use, disclosure or copying of the message or attachment(s) is strictly prohibited. If you have received this message in error please notify us immediately and destroy it and any attachment(s). Thank you. The Ministry of Social Development accepts no responsibility for changes made to this message or to any attachment(s) after transmission from the Ministry. -------------------------------
Current thread:
- ActiveX controls within an Intranet Environment Marian Fitzgerald (Nov 27)
- Re: ActiveX controls within an Intranet Environment GuidoZ (Nov 27)