Re: why microsoft choose mfc rather than wtl?



In article news:<fhoi51p1k2ip4g56htn4rcnsloaee28834@xxxxxxx>, Russ
wrote:
> I respect both of your opinions, even though you have inadvertently
> called me 'unethical', but I would appreciate it if you could tell me
> good reasons for your blanket condemnation.

My condemnation is of the introduction of technology into the browser
that enables executable code to be executed on the client PC. Executable
code can do anything - from formatting the hard drive to copying your
personal details to a criminal organization to EMailing death threats
from your account to the White House - so it's not something the user
innocently browsing the web wants to have arbitrary websites running
behind his back.

As I'm sure you know: The browser can be configured to allow or prevent
the download of executable code, and can be configured to allow or
prevent the automatic running of the code. Furthermore code can be
digitally signed so that you know (in theory) who wrote it. The fact
that these controls can be set to insecure configurations makes
them a liability. Most users don't understand what the settings do and
will blindly follow instructions on a web page that tell them to lower
the security of their browser settings in order to get a page to "work".

It was folly ever to allow the insecure settings to be supported ... but
ActiveX controls were supported in web pages because they were "cool",
with no thought to the fact that they were a security liability.

> Now this is a business application ... It seems to me that there
> are sufficient safeguards built into the system to make this
> perfectly safe. In my case, all communication between the client
> and the server is done via SSL, and the identities of both the
> client and the server are confirmed by certificates.

There are safeguards. Whether or not they are "sufficient" is moot.

For example: What would the majority of users do if someone spoofed your
site with one that prompted the users to lower the security settings and
download a new control signed with a spoofed certificate ... perhaps a
self-signed certificate created with a subject ID that claims it belongs
to your company. The page might have some reassuring words telling the
users to check the certificate ID to ensure their security. How many of
your users would blindly go ahead and do what was asked, without
considering the security implications?

By using a downloadable control you leave yourself open to this sort of
attack. Is it worth it?

> This is a TON easier than having to distribute the new control to
> thousands of clients and expect that they will all install it without
> problems!

Oh, yes. Of course it is. It may even be more secure because it is
probably harder to spoof a website than it would be to send a CD in the
post to all your customers with a note saying "here is an update to the
browser plug-in for our web site, please install it at once". Most
people would do that without thinking, too.

> So, tell me, what is so 'unethical' about the above scenario?

It's not "unethical", it's naive. You have thought about the security
but you haven't looked hard enough. You haven't considered just how
security-unaware most users are.

[Of course, even if *you* didn't use an ActiveX control there'd be
nothing to stop an attacker spoofing your site and getting the users to
download one ... but at least you could have a page in your
documentation saying "we don't use ActiveX controls and we strongly
advise you not to enable them in your browser for security reasons".
Then at least, if someone suffered a spoofing attack you could say "It's
not our fault. We told you not to do that".]

You also haven't considered that some of your potential customers will
have knowledgeable security staff who will very sensibly tie down the
browsers on users' desktops so that they will be unable to access your
website. You'll lose customers if you rely on that control to make your
site work. You'll also lose customers who are using browsers that can't
run ActiveX controls -- which automatically includes any customers who
aren't using Windows.

So, the question isn't whether you should design your site so that it
downloads a control over the wire, it's whether you ought to be using a
control for this *at all*. I don't know what your business application
is, but there are other ways of manipulating the browser display. Java
applets are much more secure than native executable code because the
JVM's sandbox has limited access to the machine, though they're still a
potential risk and should only be used when absolutely necessary (Java
also works in more browsers and on more platforms than ActiveX). Any
kind of server-side scripting will remove the risk from the client's PC
altogether, though at the cost of more load on the servers and probably
an increase in communications bandwidth. It depends what you're doing.

What's wrong with HTML, for your application, anyway?

Cheers,
Daniel.
