- From: David Poehlman <poehlman1@home.com>
- Date: Thu, 25 Jan 2001 11:31:46 -0500
- To: "User Agent Working group list" <w3c-wai-ua@w3.org>
I took an action item:
15.DP: Send information on programmable objects based on security
options in IE
Source:
http://lists.w3.org/Archives/Public/w3c-wai-ua/2001JanMar/0105.html
Using ie 5.5 I opened up internet options, went to the security
properties sheet and selected custom level. Some of these might not
apply but they should be self evident. I've listed the choices of
behaviors where available.
We might want some of this granularity instead of flat either or.
The list follows:
under activex controls and plug-ins:
1> download signed activex controls:
can be configured to:
a. disable
b. enable
c. prompt
2> download unsigned activex controls:
can be configured to:
a. disable
b. enable
c. prompt
3> initialize and script activex controls marked as safe:
can be configured to:
a. disable
b. enable
c. prompt
4> run activex controls and plug-ins:
can be configured to:
a. administrator approved
b. disable
c. enable
d. prompt
5> script activex controls marked safe for scripting:
can be configured to:
a. disable
b. enable
c. prompt
6> allow cookies that are stored on your computer:
can be configured to:
a. disable
b. enable
c. prompt
7> allow per-session cookies (not stored):
can be configured to:
a. disable
b. enable
c. prompt
8> file download:
can be configured to:
a. disable
b. enable
note: I did not skip one.
9> download font:
can be configured to:
a. disable
b. enable
c. prompt
x> java permissions:
can be configured as follows:
a. custom on/off.
b. disable java on/off
c. high safety on/off
d. low safety on/off
e. medium safety on/off
a> access data sources across domains:
can be configured to:
a. disable
b. enable
c. prompt
b> dont prompt for client certificate when no certificate is
available:
can be configured to:
a. disable
b. enable
note: I did not skip one.
c> drag and drop or copy and paste files:
can be configured to:
a. disable
b. enable.
c. prompt
d> installation of desktop items:
can be configured to:
a. disable
b. enable
c. prompt
e> launching programs and files in an iframe:
can be configured to:
a. disable
b. enable
c. prompt
f> Navigate sub-frames across different domains:
can be configured to:
a. disable
b. enable
c. prompt
g> software channel permissions:
configurable as follows:
high-safety on/off
low safety on/off
medium safety on/off
h> submit nonencripted form data:
can be configured to:
a. disable
b. enable
c. prompt
j> user data persistance:
can be configured to:
a. disable
b. enable
note: I did not skip one.
i> active scripting:
can be configured to:
a. disable
b. enable
c. prompt
j> allow paste operations via script:
can be configured to:
a. disable
b. enable
c. prompt
k> scripting of java applettes:
can be configured to:
a. disable
b. enable
c. prompt
l> logon:
can be configured as follows:
a. anonymous logon on/off
b. automatic logon only in intra net zone on/off
L> automatic logon with current user name and password:
can be configured as follows:
prompt for user name and password on/off
Note, the settings above can be achieved in large batches in the
instance of security here. they can be set via the state of the
global security setting which ranges from none to full and will be
adjusted according to the setting of that parameter. I did not
include the main groupings here as it was important to define the
scope of the list only. This should be a fairly complete list of
items to be covered with some actually being outside the scope of the
issue we are attempting to address.
Hands-On Technolog(eye)s
touching the internet
mailto:poehlman1@home.com
url: http://members.home.com/poehlman1/
icq uin: 6958436
voice: 301.949.7599
---end sig---
Received on Thursday, 25 January 2001 11:32:01 UTC