computersecurityhandbook.com
Fourth Edition
Chapter 10 – Mobile Code
     Robert Gezelter, CDP

Chapter Contents:

   10.1    Introduction
   10.1.1    Mobile Code from the World Wide Web
   10.1.2    Design and Implementation Errors
   10.2    Signed Code
   10.2.1    Authenticode
   10.2.2    Fundamental Limitations of Signed Code
   10.2.3    Specific Problems with the ActiveX Security Model
   10.2.3.1    Importing and Installing Controls
   10.2.3.2    Running Controls
   10.2.3.3    Scripting Concerns
   10.2.4    Case Studies
   10.2.4.1    Internet Exploder
   10.2.4.2    Chaos Computer Club Demonstration
   10.2.4.3    Certificates Obtained by Imposters
   10.3    Restricted Operating Environments
   10.3.1    Java
   10.4    Discussion
   10.4.1    Asymmetric, and Transitive or Derivative, Trust
   10.4.2    Multidimensional Threat
   10.4.3    Server Responsibilities
   10.5    Summary
   10.6    Notes
   10.7    References and For Further Reading

Chapters Cross Referenced:
  Chapter 17 – Operating System Security
  Chapter 22 – Protecting Web Sites
  Chapter 23 – Public Key Infrastructures and Certificate Authorities
  Chapter 25 – Software Development and Quality Assurance

copyright 2002-2006, Robert Gezelter, All Rights Reserved