ActiveX Code Marking

Previous page
Table of content
Next page

Security Technologies

One way to establish secure data transfer is to authenticate the client and the server before any data is transmitted. Clients can verify the servers they are connecting to just as the server can verify incoming clients . Two technologies support this authentication process.

Secure Socket Layers and Private Communication Technology

Secure Socket Layers (SSL) and Private Communication Technology (PCT) are public-key-based security protocols implemented by the Secure Channel (Schannel) security provider. These security protocols are used by Internet browsers and servers for mutual authentication, message integrity, and confidentiality.

Certificates

The identity of a client or server is established by installing a "certificate" on the specific computer. The Web server (or Web browser) uses the certificate during the handshake processes when connecting.

Authenticating a Server

Internet Explorer (the client) authenticates the Internet server when the server's certificate is presented as part of the SSL/PCT secure channel protocol. The client program accepts the server's certificate by verifying the cryptographic signatures on the certificate.

Authenticating a Client

SSL 3.0 and PCT 1.0 also support client authentication. Client authentication using public-key certificates is one of the steps that is completed when a secure channel session is established.

Lesson Summary

A number of techniques can be used to protect users from such things as data corruption or security leaks when they download a Web page. Users of Internet Explorer can set different security levels to control the type of content they download.

Developers can digitally sign their ActiveX controls, or mark them as safe for scripting to help ensure that the controls they develop are safe to download. A signed control guarantees that the code being downloaded was built and signed by a qualified developer, and has not been tampered with or corrupted. Marking that your control is safe for initializing or safe for scripting guarantees that your control can be used on a Web page. When Internet Explorer encounters a control on a Web page, it queries the control to determine if it has been marked as safe for initializing or safe for scripting. This practice, combined with the safety level set by the user helps protect them from downloading harmful code.

One way to establish secure data transfer is to authenticate the client and the server before any data is transmitted. Secure Socket Layers and Private Communication Technology are security protocols used by Internet browsers and servers for mutual authentication, message integrity, and confidentiality.


Previous page
Table of content
Next page
Microsoft Windows Architecture Training
Microsoft Windows Architecture for Developers Training Kit
ISBN: B00007FY9D
EAN: N/A
Year: 1998
Pages: 324
Authors: Microsoft Corporation
BUY ON AMAZON
Java I/O
Crystal Reports 9 on Oracle (Database Professionals)
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
Cisco IOS in a Nutshell (In a Nutshell (OReilly))
Pocket Guide to the National Electrical Code(R), 2005 Edition (8th Edition)
Ruby Cookbook (Cookbooks (OReilly))
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy