uuuhhhhhh.....
am i the only one who thinks maybe microsoft shouldn't go looking for ways "...making it possible to bypass the built-in security that browsers offer. ..."
Agent, Old chap.....
What, exactly, are you referring to here? A nice little link to a story or something would be really nice..... ;)
Tiger, I think it's in reference to this:
http://news.com.com/2100-1012_3-5119072.html
Other interesting versions:
Quote:
Microsoft on Tuesday won a patent for launching a certain kind of HTML application within Windows.
The patent, "Method and apparatus for writing a Windows application in HTML" (Hypertext Markup Language), describes Microsoft's way of opening up HTML applications in a window free of navigation and other interface elements, known as "chrome," and browser security restrictions.
One example of an HTML application at work in Windows is the "Add or Remove Programs" feature in the control panel.
On a page about HTML applications on its Developer Network site, Microsoft described the technique as a way to harness HTML's power while bypassing its network and interface-related restrictions.
"HTML Applications (HTAs) are full-fledged applications," the page reads. "These applications are trusted and display only the menus, icons, toolbars, and title information that the Web developer creates. In short, HTAs pack all the power of Microsoft Internet Explorer--its object model, performance, rendering power, protocol support, and channel-download technology--without enforcing the strict security model and user interface of the browser."
http://news.com.com/2100-1001-984052.html
http://news.zdnet.co.uk/software/dev...9118430,00.htm
After reading the articles, I agree with you Agent Johnson. That's just what we need...a way for non programmers to be able to program that bypasses browser security settings...unless I am reading this wrong, or my 2 brain cells are misfiring..what exactly is the benefit here? What am I missing?
Sounds like they are trying to make software that is easier to exploit. Not that they have been doing a bad job thus far. :D
Quote:
This relaxed security allows an HTML author to do things such as: read from a user's local computer; write to a user's local computer and perform scripting of frames between domains.
The other thought that comes to mind is WTF are they thinking by doing this?
IMHO this is insane.
/edit f1x3d typ0z
Thanks to both of you......
I have to admit that, with M$'s record on holes.....
while not new, is a little brazen of them.....
Quote:
In short, HTAs pack all the power of Microsoft Internet Explorer--its object model, performance, rendering power, protocol support, and channel-download technology--without enforcing the strict security model and user interface of the browser
OTOH, if a cracker/virus/malware author uses them to attack M$ in the future they can sue for patent infringement..... ;)
Ya. Right. How many malware/virus/crackers do you know that are worth suing?
Quote:
OTOH, if a cracker/virus/malware author uses them to attack M$ in the future they can sue for patent infringement.....
Ms. M: LOL..... and hence the ;) at the end.....
But then again, I never said M$ were the sharpest knives in the drawer, maybe they have a plan..... :eek:
They may not be worth suing. But if Microsoft is willing to pay $250,00 for the blaster/sobig coders, I am inclined to think they have something up their sleeve.
They are already doing it. They just received a patent for it. This is nothing new and it's not an internet thing. It is just an application that is coded using html commands but it still runs locally, not remotely.
Quote:
One example of an HTML application at work in Windows is the "Add or Remove Programs" feature in the control panel.
Would Custom Folder views fall under this description? Although they appear to be a mix of ActiveX and HTML... (I even made my own, "AntiOnline Folder View" - Search AO for it, get version 1.1) Active Desktop might also be an example of this, and they force you to use it to have a JPEG Desktop Background. Of course I'm not exactly sure if this is what MS is talking about...
Side note on what can be done even with the security settings of the browser...
It is impressive how much you can do on an Active Desktop. I remember one thing I did at school was create an HTML page that would be loaded full-screen (entire desktop) with the normal background image, but also with a Fly that would follow the mouse cursor (done in JavaScript). Most people wouldn't notice it for a while just getting to the PC, but after looking at the screen you'd think they would try to slap at it to kill the fly... People even sat at an angle to see if it was real or not. I guess that a fly measuring about 60x60 pixels (3-4x size of a fly) on a low-res monitor would appear to be "real" to them...