Bad Web Design: ActiveX

ActiveX uses an interesting method for enforcing security ... it doesn't. Well, that's not exactly true. What happens is when a web page requests an ActiveX control the browser determines if that control is already loaded onto your system. If it is the ActiveX control is executed. If not, the user is asked if it is okay to install the control. Additional information about where the control came from and it's security implications is also included.

The theory behind this security model is the user knows what's best for his system. In my humble opinion, this is pure hogwash (a stronger expletive came to mind but this is a family site). Is your average web surfer really knowledgeable enough to make a decision like this? Look at it this way, by installing an ActiveX control you are assuming it is secure, won't damage your system and is bug-free. You are basically trusting completely the company which created the control, the developers and the people distributing the image.

Yes there are security certificates involved, but those are relatively easy to get. Also remember how many security problems have been reported involving ActiveX controls.

Next Page

(c)Copyright 2024 BlueValve.net. All rights reserved.
Unauthorized duplication in part or whole strictly prohibited by international copyright law.