Hi. I'm developed an activex control in a project and this project is ready to go the production. To use the activex in a test environment, we need to change some IE security settings.
1- Add the site to the "Trusted sites" list 2- Change the setting "Download unsigned activex" to enable 2- Change the setting "Initialize and script ActiveX controls not marked as safe for scripting" to enable With those changes above the ActiveX works fine. For the production environment we belive that if we digital sign the activex and the .msi used to install it in the client machine, this security configurations will not be necessary. So we digital signed both (ActiveX / .msi) but when we try to instantiate the ActiveX in the page using javascript an error is received "Automation server can't create object". After some tests we discovered that even with the digital sign the activeX just works when the security setting "Initialize and script ActiveX controls not marked as safe for scripting" is enable. After some researches we found that the interface IObjectSafety can be used/implemented to "mark" the ActiveX as safe. To tell you the truth if the activeX implements this interface it works in all ways. It doesn't need to be digital sign and no security configuration is needed. So my question is... Can I use this interface? Making my own ActiveX as safe is a common way in ActiveX development? Thanks, Rodrigo
