How can u certify an activeX is safe?? 
Author Message
 How can u certify an activeX is safe??

BTW I was able to run ActiveX with the self-issued certificate.
The only problem is I don't know why it didn't work before. -_-;;;
So I cancel what I said about calling verisign..etc.. all whoopies. ^^

How do they know my code is secure anyway?

Do they dissemble my code and check some set of unsecure codes?? (io?)

Do they just test it?  Do they get my source code and check lines one
by one?

I mean how can they can be sure my code is 'safe'?

What if I make my activex run after a specific count of something or
random..., and do do some unsecure things??

I mean I can think of various ways to do something wild with this.



Thu, 06 Oct 2005 15:07:33 GMT  
 How can u certify an activeX is safe??
A certificate from a trusted certification organization like Verisign does
not mean your activeX control is safe or secure, it just tells the user that
you are who you claim to be. That's all.

Regards,
Nish [VC++ MVP]


Quote:
> BTW I was able to run ActiveX with the self-issued certificate.
> The only problem is I don't know why it didn't work before. -_-;;;
> So I cancel what I said about calling verisign..etc.. all whoopies. ^^

> How do they know my code is secure anyway?

> Do they dissemble my code and check some set of unsecure codes?? (io?)

> Do they just test it?  Do they get my source code and check lines one
> by one?

> I mean how can they can be sure my code is 'safe'?

> What if I make my activex run after a specific count of something or
> random..., and do do some unsecure things??

> I mean I can think of various ways to do something wild with this.



Thu, 06 Oct 2005 15:50:22 GMT  
 How can u certify an activeX is safe??
... and Verisign (et al) collect enough information that if it turns out
your signed AX control is hostile, it can be unequivocally traced back to
you.  It is You who verifies that the control is safe.  Having it signed
with your key is your way of saying "I assert that this control is safe, and
I'm willing to accept responsibility for it if it turns out not to be".

-cd

Quote:

> A certificate from a trusted certification organization like Verisign
> does not mean your activeX control is safe or secure, it just tells
> the user that you are who you claim to be. That's all.

> Regards,
> Nish [VC++ MVP]



>> BTW I was able to run ActiveX with the self-issued certificate.
>> The only problem is I don't know why it didn't work before. -_-;;;
>> So I cancel what I said about calling verisign..etc.. all whoopies.
>> ^^

>> How do they know my code is secure anyway?

>> Do they dissemble my code and check some set of unsecure codes??
>> (io?)

>> Do they just test it?  Do they get my source code and check lines one
>> by one?

>> I mean how can they can be sure my code is 'safe'?

>> What if I make my activex run after a specific count of something or
>> random..., and do do some unsecure things??

>> I mean I can think of various ways to do something wild with this.



Thu, 06 Oct 2005 21:35:19 GMT  
 How can u certify an activeX is safe??
Thanks. Both Nishant and Carl for replying.

Got it.



Fri, 07 Oct 2005 07:47:20 GMT  
 
 [ 4 post ] 

 Relevant Pages 

1. making an ActiveX Control safe

2. making activex control safe

3. Determining what canned preprocessor symbols are available

4. Beginner [Q] Using Canned File Open/Save dialog

5. Help with compiling a "canned" program

6. Canned Dialogs

7. ANN: sigslot - C++ Portable, Thread-Safe, Type-Safe Signal/Slot Library

8. Safe Copy and Safe Calloc

9. Getting certified and working in Europe

10. certified C programmer?

11. Q: Certified C-compilers / compliance checkers

12. Q: Certified Course in C

 

 
Powered by phpBB® Forum Software