For Developers Only
|
|
Start Page | Site Map For Developers Only |
Digital SigningCode received via the Internet lacks shrink-wrapped packaging to vouch for its reliability, and users are understandably skeptical when they're asked to download it. A digital signature provides an opportunity for you to reassure them by creating a path from them to you, should your software harm their system. (Note that digital signing puts your name to your code, but does not ensure that it's hazard-free.) When you develop software for distribution over the Internet, you work with a third party known as a certificate authority (CA) to obtain a digital certificate, which will give users information about you. The CA provides and renews your certificate, authenticates your identity, and handles legal and liability issues for broken security. In addition, the CA typically provides the tools you need to digitally sign your components. Your digital certificate is included with all code you digitally sign and distribute over the Internet.
Important:
The default setting of Internet Explorer doesnÆt allow software not digitally signed to be downloaded to the end user's machine. It is very important that you obtain a digital signature for software components you intend to distribute them over the Internet.
SafetyUnless you design your component so that it's guaranteed to interact safely with script and data passed to it during initialization, a malicious script or data could have harmful results on users' computers and users would come looking for you when that happens. By default, Internet Explorer will display a warning, and will not download a component that has not been marked safe for scripting and initializing. Safe for Scripting On an HTML page, your component's functionality is accessed through scripting, such as when events are handled through VBScript. For ActiveX controls, scripting is the only way to fully utilize the control's features in a browser. So while your control may be a trusted component from a reputable source (you), a malicious script may be able to use its methods to delete files on the user's machine, install macro viruses, and worse. A component is safe for scripting when it can't be scripted to harm the user's computer. Safe for Initialization
Another potential security hazard is initializing your controlÆs state using untrusted data. On an HTML page, your control's initial state is set from the PARAM attributes that accompany the OBJECT tag in the HTML embedding the control. A component is safe for initializing when its properties can't be passed data that in some way harms the user's computer.
Use the Setup Wizard to automatically generate compressed CABs for VB authored ActiveX ControlsThe Setup Wizard creates compressed CAB files and HTML pages for VB authored controls. The CAB file contains an INF file which describes all of the dependencies that are require to run the control. Dependencies, such as MSVBVM50.DLL, are only downloaded as required.
Tip: If a single HTML page will contain multiple VB authored ActiveX controls, put all of the controls into a single VB project, and run the Setup Wizard on that project. The Setup Wizard will create a single CAB file for all the controls, which will minimize download time, and removes the possibility of files being downloaded more than once.
|