ActiveX and Code Signing

• ActiveX applets are based on Microsoft's Component Object Model (COM)
• ActiveX applets can access all the machine's resources
• They are signed with a digital signature to ensure their origin.
• A similar option is also offered for Java code
• Users are supposed to trust signed applets as they trust retail software

• All or nothing proposition
• Who do you trust?
• Programs from trusted sources may contain vulnerabilities
• Programs from trusted sources may unknowingly contain malicious code (e.g. by linking with a library)

• PreviousPolicy Example
• Contents
• NextJavascript

 Last change: Tuesday, June 25, 2002 10:27 pm
 Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.