By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,594 Members | 3,459 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,594 IT Pros & Developers. It's quick & easy.

XMLHTTP and Norton Internet Security

P: n/a
Hi all,

I developed a web site that uses javascript and XMLHTTP to dynamically load
info on the page from the server without having to re-load the page.
Recently I've received complaints of it not working, and the common thread
is that these users have Norton Internet Security installed (sorry, don't
know the version, but let's assume the latest). I don't have NIS. Can anyone
give me clear instructions as to how a user can change his/her NIS settings
so that a certain site may be trusted or so that users can use sites that
utilize the XMLHTTP object? Even when they shut off NIS, it still won't
allow access until they actually set it for manual start-up and then restart
their computer. TIA

-Monty
Jul 22 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
I dont use NIS so I cant tell you that, but you may want to rethink how you
are doing it rather then making the users change their security settings.
Its usually not considered a good idea to force the users to do anything
that could potentially open up a security hole.

--
Curt Christianson
Site & Scripts: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
"WhenAmIOn.com" <wh**@noSPAM.com> wrote in message
news:42*************************@KNOLOGY.NET...
Hi all,

I developed a web site that uses javascript and XMLHTTP to dynamically
load info on the page from the server without having to re-load the page.
Recently I've received complaints of it not working, and the common thread
is that these users have Norton Internet Security installed (sorry, don't
know the version, but let's assume the latest). I don't have NIS. Can
anyone give me clear instructions as to how a user can change his/her NIS
settings so that a certain site may be trusted or so that users can use
sites that utilize the XMLHTTP object? Even when they shut off NIS, it
still won't allow access until they actually set it for manual start-up
and then restart their computer. TIA

-Monty

Jul 22 '05 #2

P: n/a
You are probably having an issue with the personal firewall software
blocking outgoing network requests (this is what it is supposed to do). It
has a lot of configuration settings. My installation, for example, warns me
each time a new program is attempting to access the network and gives me the
option to allow access or block it.

If you have a link to a public site I'll have a look at what message I get
from NIS. Depending on your audience however, you will probably have to
change your approach as Curt_C mentioned.

--
--Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com

"WhenAmIOn.com" <wh**@noSPAM.com> wrote in message
news:42*************************@KNOLOGY.NET...
Hi all,

I developed a web site that uses javascript and XMLHTTP to dynamically
load info on the page from the server without having to re-load the page.
Recently I've received complaints of it not working, and the common thread
is that these users have Norton Internet Security installed (sorry, don't
know the version, but let's assume the latest). I don't have NIS. Can
anyone give me clear instructions as to how a user can change his/her NIS
settings so that a certain site may be trusted or so that users can use
sites that utilize the XMLHTTP object? Even when they shut off NIS, it
still won't allow access until they actually set it for manual start-up
and then restart their computer. TIA

-Monty

Jul 22 '05 #3

P: n/a
Thanks Curt, but I have to disagree. XMLHTTP is not a security hole per se,
it is a tool. Like any technology that connects to the internet, it has it's
inherent risks, but that doesn't necessarily make it a "security hole" any
more than Firefox or Telnet (well, ok, maybe a little more than Telnet). If
NIS were to block access to Outlook citing the fact that many viruses come
from email, and I wanted to send an email to a person using NIS, would you
recommend that I "rethink" my method and just call 'em on the phone instead
of sending an email? I don't think so (or, at least I hope not). Hasn't more
malicious damage been done through email viruses than XMLHTTP?

I will grant you that from an ease-of-use perspective it would certainly be
easier for them if I re-wrote my architecture, but that is not feasible at
this time. But hypothetically, if I ~did~ re-write my architecture using
another perfectly valid tool and NIS later decides that that tool is bad
too, what would you recommend then? Do you recommend I re-write a third
time? Where does it stop?

Sorry, hope this doesn't sound testy, I'm just frustrated with this
situation. I look forward to your response...

"Curt_C [MVP]" <software_AT_darkfalz.com> wrote in message
news:uU**************@TK2MSFTNGP09.phx.gbl...
I dont use NIS so I cant tell you that, but you may want to rethink how you
are doing it rather then making the users change their security settings.
Its usually not considered a good idea to force the users to do anything
that could potentially open up a security hole.

--
Curt Christianson
Site & Scripts: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
"WhenAmIOn.com" <wh**@noSPAM.com> wrote in message
news:42*************************@KNOLOGY.NET...
Hi all,

I developed a web site that uses javascript and XMLHTTP to dynamically
load info on the page from the server without having to re-load the page.
Recently I've received complaints of it not working, and the common
thread is that these users have Norton Internet Security installed
(sorry, don't know the version, but let's assume the latest). I don't
have NIS. Can anyone give me clear instructions as to how a user can
change his/her NIS settings so that a certain site may be trusted or so
that users can use sites that utilize the XMLHTTP object? Even when they
shut off NIS, it still won't allow access until they actually set it for
manual start-up and then restart their computer. TIA

-Monty


Jul 22 '05 #4

P: n/a
I'm not saying that XMLHTTP is a security hole, I'm saying that opening the
NIS to allow it may cause a security hole.
As for your other point, well you wont like my answer but its really a
matter of trying to use the wrong technology. You are trying to "make" a
browser do something it wasnt inteded for. WWW is a request/response system,
and as such you are trying to override this and make it a "polling" system.
That said, its really not an ASP issue.... so as this is an ASP group you
may be getting a limited set of options. You may get more, or better,
responses in a clientside group.......

And I feel your frustration.... trust me.... been there, done that.....
hated it.

--
Curt Christianson
Site & Scripts: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
"Monty" <Mo***@noSPAM.com> wrote in message
news:42***************************@KNOLOGY.NET...
Thanks Curt, but I have to disagree. XMLHTTP is not a security hole per
se, it is a tool. Like any technology that connects to the internet, it
has it's inherent risks, but that doesn't necessarily make it a "security
hole" any more than Firefox or Telnet (well, ok, maybe a little more than
Telnet). If NIS were to block access to Outlook citing the fact that many
viruses come from email, and I wanted to send an email to a person using
NIS, would you recommend that I "rethink" my method and just call 'em on
the phone instead of sending an email? I don't think so (or, at least I
hope not). Hasn't more malicious damage been done through email viruses
than XMLHTTP?

I will grant you that from an ease-of-use perspective it would certainly
be easier for them if I re-wrote my architecture, but that is not feasible
at this time. But hypothetically, if I ~did~ re-write my architecture
using another perfectly valid tool and NIS later decides that that tool is
bad too, what would you recommend then? Do you recommend I re-write a
third time? Where does it stop?

Sorry, hope this doesn't sound testy, I'm just frustrated with this
situation. I look forward to your response...

"Curt_C [MVP]" <software_AT_darkfalz.com> wrote in message
news:uU**************@TK2MSFTNGP09.phx.gbl...
I dont use NIS so I cant tell you that, but you may want to rethink how
you are doing it rather then making the users change their security
settings. Its usually not considered a good idea to force the users to do
anything that could potentially open up a security hole.

--
Curt Christianson
Site & Scripts: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
"WhenAmIOn.com" <wh**@noSPAM.com> wrote in message
news:42*************************@KNOLOGY.NET...
Hi all,

I developed a web site that uses javascript and XMLHTTP to dynamically
load info on the page from the server without having to re-load the
page. Recently I've received complaints of it not working, and the
common thread is that these users have Norton Internet Security
installed (sorry, don't know the version, but let's assume the latest).
I don't have NIS. Can anyone give me clear instructions as to how a user
can change his/her NIS settings so that a certain site may be trusted or
so that users can use sites that utilize the XMLHTTP object? Even when
they shut off NIS, it still won't allow access until they actually set
it for manual start-up and then restart their computer. TIA

-Monty



Jul 22 '05 #5

P: n/a
Thanks Curt, I think we'll have to agree to disagree. The browser and the
XMLHTTP object both work perfectly well together for me at what they're
designed to do, it's only when NIS gets involved that we reaffirm the truism
"three's a crowd".

This app is written in ASP.net, so that's why I chose this one. Sorry for
this stupid question, but could you recommend by name a better newsgroup for
this? The only client-side specific one I could find was in Danish, and I'm
a little rusty.
"Curt_C [MVP]" <software_AT_darkfalz.com> wrote in message
news:uS****************@TK2MSFTNGP15.phx.gbl...
I'm not saying that XMLHTTP is a security hole, I'm saying that opening
the NIS to allow it may cause a security hole.
As for your other point, well you wont like my answer but its really a
matter of trying to use the wrong technology. You are trying to "make" a
browser do something it wasnt inteded for. WWW is a request/response
system, and as such you are trying to override this and make it a
"polling" system.
That said, its really not an ASP issue.... so as this is an ASP group you
may be getting a limited set of options. You may get more, or better,
responses in a clientside group.......

And I feel your frustration.... trust me.... been there, done that.....
hated it.

--
Curt Christianson
Site & Scripts: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
"Monty" <Mo***@noSPAM.com> wrote in message
news:42***************************@KNOLOGY.NET...
Thanks Curt, but I have to disagree. XMLHTTP is not a security hole per
se, it is a tool. Like any technology that connects to the internet, it
has it's inherent risks, but that doesn't necessarily make it a "security
hole" any more than Firefox or Telnet (well, ok, maybe a little more than
Telnet). If NIS were to block access to Outlook citing the fact that many
viruses come from email, and I wanted to send an email to a person using
NIS, would you recommend that I "rethink" my method and just call 'em on
the phone instead of sending an email? I don't think so (or, at least I
hope not). Hasn't more malicious damage been done through email viruses
than XMLHTTP?

I will grant you that from an ease-of-use perspective it would certainly
be easier for them if I re-wrote my architecture, but that is not
feasible at this time. But hypothetically, if I ~did~ re-write my
architecture using another perfectly valid tool and NIS later decides
that that tool is bad too, what would you recommend then? Do you
recommend I re-write a third time? Where does it stop?

Sorry, hope this doesn't sound testy, I'm just frustrated with this
situation. I look forward to your response...

"Curt_C [MVP]" <software_AT_darkfalz.com> wrote in message
news:uU**************@TK2MSFTNGP09.phx.gbl...
I dont use NIS so I cant tell you that, but you may want to rethink how
you are doing it rather then making the users change their security
settings. Its usually not considered a good idea to force the users to do
anything that could potentially open up a security hole.

--
Curt Christianson
Site & Scripts: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
"WhenAmIOn.com" <wh**@noSPAM.com> wrote in message
news:42*************************@KNOLOGY.NET...
Hi all,

I developed a web site that uses javascript and XMLHTTP to dynamically
load info on the page from the server without having to re-load the
page. Recently I've received complaints of it not working, and the
common thread is that these users have Norton Internet Security
installed (sorry, don't know the version, but let's assume the latest).
I don't have NIS. Can anyone give me clear instructions as to how a
user can change his/her NIS settings so that a certain site may be
trusted or so that users can use sites that utilize the XMLHTTP object?
Even when they shut off NIS, it still won't allow access until they
actually set it for manual start-up and then restart their computer.
TIA

-Monty



Jul 22 '05 #6

P: n/a
Whoops, found some groups. Thanks.

"Monty" <Mo***@noSPAM.com> wrote in message
news:3c**************************@KNOLOGY.NET...
Thanks Curt, I think we'll have to agree to disagree. The browser and the
XMLHTTP object both work perfectly well together for me at what they're
designed to do, it's only when NIS gets involved that we reaffirm the
truism "three's a crowd".

This app is written in ASP.net, so that's why I chose this one. Sorry for
this stupid question, but could you recommend by name a better newsgroup
for this? The only client-side specific one I could find was in Danish,
and I'm a little rusty.


Jul 22 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.