> I read that correctly, that means that MS uses ActiveX to > handle those three events in a page. I didn't know that, and > frankly I'm surprised their doing it that way, considering > they've been shutting down so much ActiveX functionality > because of security holes. Am I confused?
ActiveX is the standard way to run programs within IE. Flash, Java, or any other sort of "plug-in" functionality is provided through ActiveX. ActiveX is really just another name for the Component Object Model (COM), which is what Windows programs generally use to talk to each other. The security problems introduced by ActiveX revolve around two things - users' propensity to install any ActiveX control when prompted, and the fact that ActiveX applications run within the same security context as the program that calls them. Since that's the browser, and most people log into their desktops with accounts within the Administrators group, ActiveX programs run within that security context as well. With known ActiveX programs like Flash, the security problems tend to be less significant; although these ActiveX controls also run within the user's security context, the controls themselves tend to be a little more trustworthy and safe about how they handle the code that they themselves run. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:236431 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
