Welcome to MSDN Blogs Sign in | Join | Help

Browse by Tags

All Tags » Script » Security   (RSS)
Friday, August 05, 2005 3:08 AM

The Evil Problem

Over on the IE Blog, a commenter made a very good point -- why is it that IE flags scripts as “potentially bad”? That’s very confusing to the average user, and they have no way of knowing whether or not the script really is bad or not (and therefore whether
Posted by ptorr | 6 Comments
Filed under: ,
Sunday, February 15, 2004 5:26 AM

GetObject and LinkDemands

A few weeks ago I posted a blog entry about a security problem we found with JScript .NET's GetObject method before the initial release of the CLR. Talking about the problem in full would take a while, and I want to get through a few blogs today, so some
Posted by ptorr | 3 Comments
Filed under: ,
Tuesday, January 27, 2004 5:59 AM

Calling class constructors twice

Yesterday I blogged about a bug that you could exploit in JScript .NET, and the other day I made a comment on Eric's blog about compiler-enforced rules versus runtime-enforced rules. Here's a quick story about one such rule that we fixed before the CLR
Posted by ptorr | 5 Comments
Filed under: , ,
Monday, January 26, 2004 5:25 AM

GetObject and Security

Eric has recently done a series on script security, and one of the things he very briefly mentions is how you can use GetObject with a moniker to get an instance of an object. This reminds me of one of the "cool" bugs we found before the first version
Posted by ptorr | 4 Comments
Filed under: ,
Thursday, January 15, 2004 8:24 AM

Security and Inheritance

I received an e-mail from a customer referencing this newsgroup post and asking two questions about virtual methods and inheritance: 1. Why does it work like this? 2. What's the 'security' implication? Funnily enough, I just read Eric's post on a very
Posted by ptorr | 10 Comments
Filed under: ,
 
Page view tracker