Scripted Window Security must be enforced. ActiveX controls do not run within a protected container in the browser like the other types of HTML or. Microsoft ActiveX controls allow unmanaged, unprotected code to run on the user computers. The Uniform Resource Locator (URL) standard allows user authentication to be included in URL strings in the form A malicious user might use this URL syntax to.ĪctiveX Installs must be configured for proper restriction. This functionality can be controlled separately for instances of.ĭisabling of user name and password syntax from being used in URLs must be enforced. The Pop-up Blocker feature in Internet Explorer can be used to block most unwanted pop-up and pop-under windows from appearing. Links that invoke instances of Internet Explorer from within an Office product must be blocked. User preferences may also allow the download to occur. Findings (MAC I - Mission Critical Classified) Finding IDįile Downloads must be configured for proper restrictions.ĭisabling this setting allows websites to present file download prompts via code without the user specifically initiating the download.
0 kommentar(er)
