Abstract
ActiveX controls are Microsoft's implementation of the Component Object Model (COM). Microsoft designed ActiveX to replace the older Object Linking and Embedding (OLE) model that was used in earlier versions of the Windows platform. The security issues involving ActiveX controls are very closely related to the inherent properties of ActiveX controls. ActiveX controls do not run in a confined space or “sandbox” as Java applets do, so they pose much more potential danger to applications. In addition, ActiveX controls are capable of all operations a user is capable of, so controls can add or delete data and change the properties of objects. Even though JavaScript and Java applets seem to have taken the Web programming community by storm, many Web sites and Web applications still employ ActiveX controls to service users. As evidenced by the constant news flashes about compromised Web sites, many developers have not yet mastered the art of securing their controls, even though ActiveX is a pretty well-known technology. This chapter serves to aid the user in identifying and averting some of the security issues that may arise from using poorly coded ActiveX controls (many of which are on the Internet—freely available for download). It banishes common misconceptions about ActiveX and introduces the user to best practices for rendering safe, secure, and functional ActiveX controls.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
