SiteLock Template for Securing ActiveX
When appropriate, SiteLock should be used on all ActiveX controls, allowing the controls
to be limited to authorized domains listed within the SiteLock file. Microsoft has released
a SiteLock template file that helps users install SiteLock on their ActiveX controls. The
template can be found at http://msdn.microsoft.com/archive/default.asp?url=/
archive/en-us/samples/internet/components/sitelock/default.asp. The template
contains a file called SiteLock.h, which offers a step-by-step procedure to install SiteLock
on an ActiveX control. The following list shows an example of the steps necessary to
install SiteLock on a control; however, you should refer to SiteLock.h for all the technical
steps required to install this security protection.
1. Include the SiteLock.h header ?¬? le.
2. Add the following interfaces:
public IObjectSafetySiteLockImpl
,"
3. Add the following items in the COM_MAP section:
COM_INTERFACE_ENTRY(IObjectSafety)
COM_INTERFACE_ENTRY(IObjectSafetySiteLock)
4. Add the following in the control class:
static const SiteList rgslTrustedSites[#];
5. AllowType should have the approved domains??”Allow, Deny, or Download.
Pages:
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365