DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 4 of 4

Thread: IE Script Security Settings

  1. #1
    Chris Guest

    IE Script Security Settings


    I am writing HTML for the intranet site, and am using script to open Word
    documents in Word, using CreateObject("Word.Application").

    To make this work requires setting a security option in IE. That is:Initialise
    and Script ActiveX controls not marked as safe. It must be set to Enable
    or Prompt.

    This setting is different for each user of the machine.

    How can I make this setting apply to everyone, or how can I make this CreateObject
    "safe"?

  2. #2
    Rich Bramande Guest

    Re: IE Script Security Settings

    "Chris" <firth@nor.com.au> wrote in message news:39a22843$1@news.devx.com...
    > How can I make this setting apply to everyone, or how can I make this

    CreateObject
    > "safe"?

    I hope you are only modifying the Trusted Sites Zone settings and not the
    Internet Zone settings. What you are proposing is an extremely dangerous
    move in either case. If you allow client side browser script to open word
    documents, then you are setting your clients up for major virus problems
    down the road. Personally, I wouldn't let a web site talk me into lowering
    my security settings. But, as a web developer, I did that exact thing to my
    clients...

    I took a slightly different approach when I needed my clients to run
    "dangerous" controls, etc. in IE. I didn't feel it proper to tamper or
    lower any of their security settings, so I created a completely new Security
    Zone in the registry with low security settings, then added my server IP
    address into it. This way I was sure that the security holes that I created
    on the client PC could only be used by my web server. This of course means
    that I have complete control to do anything I want to their PCs. They have
    to trust me not to. To do this, I created a Wise script that made the
    necessary registry changes. I can mail you the script if you want.
    However, I believe that these setting as you point out were only for the
    currently logged in user. I think that any others who used the PC also had
    to run my script. Sorry, I didn't investigate it very far.

    -Rich



  3. #3
    Michael Howard Guest

    Re: IE Script Security Settings


    Rich is 100% correct - do not change the settings for the zones unless you
    ABSOLUTELY must do so, rather add sites to zones.

    mh

    "Rich Bramande" <rich
    b500@hotmail.com> wrote:
    >"Chris" <firth@nor.com.au> wrote in message news:39a22843$1@news.devx.com...
    >> How can I make this setting apply to everyone, or how can I make this

    >CreateObject
    >> "safe"?

    >I hope you are only modifying the Trusted Sites Zone settings and not the
    >Internet Zone settings. What you are proposing is an extremely dangerous
    >move in either case. If you allow client side browser script to open word
    >documents, then you are setting your clients up for major virus problems
    >down the road. Personally, I wouldn't let a web site talk me into lowering
    >my security settings. But, as a web developer, I did that exact thing to

    my
    >clients...
    >
    >I took a slightly different approach when I needed my clients to run
    >"dangerous" controls, etc. in IE. I didn't feel it proper to tamper or
    >lower any of their security settings, so I created a completely new Security
    >Zone in the registry with low security settings, then added my server IP
    >address into it. This way I was sure that the security holes that I created
    >on the client PC could only be used by my web server. This of course means
    >that I have complete control to do anything I want to their PCs. They have
    >to trust me not to. To do this, I created a Wise script that made the
    >necessary registry changes. I can mail you the script if you want.
    >However, I believe that these setting as you point out were only for the
    >currently logged in user. I think that any others who used the PC also

    had
    >to run my script. Sorry, I didn't investigate it very far.
    >
    >-Rich
    >
    >



  4. #4
    Gene Black Guest

    Re: IE Script Security Settings

    Agreed, if they are 'captured' clients you could try deploying a 'branded'
    IE distribution using the IE Administration kit. Search IEAK at
    http://msdn.microsoft.com to locate.

    "Michael Howard" <mikehow@microsoft.com> wrote in message
    news:39a6b005$1@news.devx.com...
    >
    > Rich is 100% correct - do not change the settings for the zones unless you
    > ABSOLUTELY must do so, rather add sites to zones.
    >
    > mh
    >
    > "Rich Bramande" <rich
    > b500@hotmail.com> wrote:
    > >"Chris" <firth@nor.com.au> wrote in message

    news:39a22843$1@news.devx.com...
    > >> How can I make this setting apply to everyone, or how can I make this

    > >CreateObject
    > >> "safe"?

    > >I hope you are only modifying the Trusted Sites Zone settings and not the
    > >Internet Zone settings. What you are proposing is an extremely dangerous
    > >move in either case. If you allow client side browser script to open

    word
    > >documents, then you are setting your clients up for major virus problems
    > >down the road. Personally, I wouldn't let a web site talk me into

    lowering
    > >my security settings. But, as a web developer, I did that exact thing to

    > my
    > >clients...
    > >
    > >I took a slightly different approach when I needed my clients to run
    > >"dangerous" controls, etc. in IE. I didn't feel it proper to tamper or
    > >lower any of their security settings, so I created a completely new

    Security
    > >Zone in the registry with low security settings, then added my server IP
    > >address into it. This way I was sure that the security holes that I

    created
    > >on the client PC could only be used by my web server. This of course

    means
    > >that I have complete control to do anything I want to their PCs. They

    have
    > >to trust me not to. To do this, I created a Wise script that made the
    > >necessary registry changes. I can mail you the script if you want.
    > >However, I believe that these setting as you point out were only for the
    > >currently logged in user. I think that any others who used the PC also

    > had
    > >to run my script. Sorry, I didn't investigate it very far.
    > >
    > >-Rich
    > >
    > >

    >




Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center