Thomas J. Hruska wrote:
> The problem comes in with a common OpenSSL CLSID. This opens a huge
> loophole and makes it easy to write an Active Script that utilizes the
raw
> COM object. Most VB programmers I know can do that. OpenSSL would have
> script kiddies galore overnight. This is why the topic has to be
carefully
> discussed.
This is a known problem with a known solution: for example, the Windows
Scripting
Host has its FileSystemObject, which allows you to read, write, delete,
rename etc
files. This is not a "huge loophole" because it has been marked as NOT
"SafeForScripting",
so the browser should not instantiate it from an external web page. The
same logic
would apply to an OpenSLL COM object.
Cheers,
;-)
-----------------------------------------------
ABS Web Site: www.abs.gov.au
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
