473,395 Members | 1,656 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > javascript > questions > security-glitch in ie using xmlhttp?

Join Bytes to post your question to a community of 473,395 software developers and data experts.

Security-glitch in IE Using XMLHttp?

I have this little test-page using Ajax to
grab a simple date-string from the server.
This works as expected in IE, FF, NS, etc.

This morning I changed the path to my little
server-side "date-script", so it pointed to
another web-server. Ie. Not the same site
as the page containing my ajax script came from.

As expected, FF, Opera and NS now failed with
a "security permission", *but* IE plodded
happily along and executed the now cross-domain
call and gave me the result. No errors, no warnings...

Is this a well nown fact, or have I discovered
something here?
--
Dag.

Work is the curse of the drinking classes
-- Oscar Wilde
Sep 7 '05 #1
3 1530
On Wed, 07 Sep 2005 07:31:51 GMT, "Dag Sunde" <me@dagsunde.com> wrote:
As expected, FF, Opera and NS now failed with
a "security permission", *but* IE plodded
happily along and executed the now cross-domain
call and gave me the result. No errors, no warnings...


It's a security setting "Access Data Sources across domains" you've
got lowered security for whatever zone you accessed the page in.

Jim.
Sep 7 '05 #2
"Jim Ley" <ji*@jibbering.com> wrote in message
news:43****************@news.individual.net...
On Wed, 07 Sep 2005 07:31:51 GMT, "Dag Sunde" <me@dagsunde.com> wrote:
As expected, FF, Opera and NS now failed with
a "security permission", *but* IE plodded
happily along and executed the now cross-domain
call and gave me the result. No errors, no warnings...


It's a security setting "Access Data Sources across domains" you've
got lowered security for whatever zone you accessed the page in.


Ah... Interesting...

Is there similar settings in any of the other browsers?
(Mainly interested in FF, NS7.x and Opera).

This may be an interesting feature in intranet applications.

--
Dag.
Sep 7 '05 #3


Dag Sunde wrote:
It's a security setting "Access Data Sources across domains" you've
got lowered security for whatever zone you accessed the page in.

Is there similar settings in any of the other browsers?
(Mainly interested in FF, NS7.x and Opera).


No, first of all neither Firefox (current versions) nor Netscape 7 have
any security zone model and frankly allowing such access in general
seems not a good idea.
For IE you can set that setting for different zones so you could savely
configure the normal internet zone but for intranet zone or trusted
sites you could lower the settings.

If you wanted to do anything with script in Mozilla browsers that is not
allowed by normal settings then you would need to use signed script and
then that script still needs to ask the user for certain rights which
pops up a dialog where the user can grant the right or not. Script
signing requires a certificate which a certificate authority usually
charges money for every year you need the certificate.
Mozilla also as far as I am currently aware does not distiguish between
http://localhost/ access and access to real remote hosts.
--

Martin Honnen
http://JavaScript.FAQTs.com/
Sep 7 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Oracle Financials - security
by: Mike | last post by:
Hi all, I'm trying to decide between two books for Oracle Financials security - there seem to be two obvious possibilities. The books are "Oracle E-Business Suite Financials Administrations" by...
Oracle Database
2
row level security
by: robert | last post by:
well, talk about timely. i'm tasked to implement a security feature, and would rather do so in the database than the application code. the application is generally Oracle, but sometimes DB2. ...
DB2 Database
116
Security - more complex than I thought
by: Mike MacSween | last post by:
S**t for brains strikes again! Why did I do that? When I met the clients and at some point they vaguely asked whether eventually would it be possible to have some people who could read the data...
Microsoft Access / VBA
4
Persist Security Info
by: Alberto | last post by:
Could you tell me what it's for the "Persist Security Info ..." value in a connection string. Thank you.
C# / C Sharp
7
IIS / Web Services Security threats
by: Magdelin | last post by:
Hi, My security team thinks allowing communication between the two IIS instances leads to severe security risks. Basically, we want to put our presentation tier on the perimeter network and the...
.NET Framework
0
Referenced security token could not be retrieved
by: Jay C. | last post by:
Jay 3 Jan. 11:38 Optionen anzeigen Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements Von: "Jay" <p.brunm...@nusurf.at> - Nachrichten dieses Autors suchen Datum: 3 Jan...
.NET Framework
1
Code Access Security - General Question
by: Jeremy S. | last post by:
..NET's code Access Security enables administrators to restrict the types of things that a .NET application can do on a local computer. For example, a ..NET Windows Forms application can be...
.NET Framework
2
Embedding Windows Form Control to ASP .NET Security Problem
by: Budhi Saputra Prasetya | last post by:
Hi, I managed to create a Windows Form Control and put it on my ASP .NET page. I have done the suggestion that is provided by modifying the security settings. From the stack trace, I would...
ASP.NET
18
Is UserLevel Security Really Necessary?
by: Earl Anderson | last post by:
First, I feel somewhat embarrassed and apologetic that this post is lengthy, but in an effort to furnish sufficient information (as opposed to too little information) to you, I wanted to supply all...
Microsoft Access / VBA
3
Caught Exception: System.Configuration.ConfigurationErrorsException: An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicK
by: Mike | last post by:
Hi I have problem as folow: Caught Exception: System.Configuration.ConfigurationErrorsException: An error occurred loading a configuration file: Request for the permission of type...
ASP.NET
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!