Reply to Re:  vs — HTML

Posted by TC on 09/12/06 14:42

Andy Dingley wrote:
> TC wrote:
> > This is the poorly known and generally misunderstood "Mark Of The Web",
> > or MOTW. It adjusts the operation of the "Local Machine Lockdown"
> > feature that was added in Windows XP SP2.
>
> Hang on - have I got this right?
>
> Suppose I'm an 3v1l h4xx0r d00d, out to perform evil upon your IE
> browser. I manage to deploy my nasty payload to your machine, but IE
> saves you because the local filesystem is now seen as untrustworthy
> (I'll let the stupidity of this approach pass for a moment).
>
> Now I'm thwarted and my evil doings are as naught. But if I add the
> mystical incantation  to my
> payload files, they'll start being powerfully evil again ?
>
> Excuse me if I'm somewhat underwhelmed by this particular bit of
> Security Theatre....

1. The change increases the default security of the Local Zone. I think
that's a good idea.

2. It is not a "mystical incantation". It is clearly documented in
MSDN:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/overview/motw.asp

3. It faciliates local testing of pages that will eventually be run
from other security zones (Internet, Restricted, Trusted, etc.).

TC (MVP MSAccess)
http://tc2.atspace.com

[Back to original message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация