Internet Explorer Object Caching

IT Support Forum Forums Windows Windows Server 2003 R2 General Discussion Internet Explorer Object Caching

Viewing 0 reply threads
  • Author
    Posts
    • #2207
      Webmaster
      Keymaster

      The Microsoft Windows Server 2003 InternetExplorer Enhanced Security Configuration component (also known as
      Microsoft InternetExplorer hardening) reduces a server’s vulnerability to attacks from Web content by applying more
      restrictiveInternetExplorer security settings that disablescripts, ActiveX components,and file downloads for resources in the
      Internet security zone. As a result, many of thesecurity enhancements included in thelatest release of InternetExplorer will
      not beas noticeablein Windows Server 2003 Service Pack 1.For example, the new InternetExplorer Information Bar and
      Pop-up Blocker features will not be used unless thesiteis in a zone whosesecurity setting allows scripting. If you are not
      using theenhanced security configuration on your server, thesefeatures will function as they do in Windows XP Service
      Pack 2.
      What does Object Caching do?
      In previous versions of Windows Server 2003 with InternetExplorer, some Web pages could access objects cached from
      another Web site. In Windows Server 2003 Service Pack 1,a referenceto an object is no longer accessible when the user
      navigates to a new domain.
      Who does this feature apply to?
      Web developers should review this featureand plan to adopt changes to their Web site.
      Application developers should review this featureand plan to adopt changes in their applications.
      What new functionality is added to this feature in Windows Server 2003 Service Pack 1?
      None.Existing functionality has been extended.
      What existing functionality is changing in Windows Server 2003 Service Pack 1?
      Security context is invalidated upon navigation to a different domain
      Detailed description
      For Windows Server 2003 Service Pack 1, thereis now a new security context on all scriptable objects so thataccess to cached
      objects (except for ActiveX controls) is blocked. In addition to blocking access when navigating across domains,access is also
      blocked when navigating within thesame domain. (In this context,a domain is defined as a fully qualified domain name, or
      FQDN.) A referenceto an object is no longer accessibleafter thecontext has changed dueto navigation.
      Why is this change important? What threats does it help mitigate?
      Prior to InternetExplorer 5.5, navigations across HTML pages (or to subframes) purged instances of MSHTML, which is the
      Microsoft HTML parsing and rendering engine.With theInternetExplorer 5.5 NativeFrames architecture,an instance of
      MSHTML lives across navigations.This introduced a new class of vulnerabilities, because objects could becached across
      navigations. If an object can becached and provideaccess to thecontents of a Web pagefrom another domain, thereis a
      cross-domain hole.
      Onceyou can get to properties on theinner document, script outside of a page’s domain can access thecontents of an inner
      page.This is a violation of theInternetExplorer cross-domain security model.
      For example,you can usethis method to createscripts that listen to events or content in another frame, such as credit card
      numbers or other sensitive data that is typed in the other frame.
      What works differently? Are there any dependencies?
      In thosefew classes that don’talready havethem, four more bytes areadded for thecached markup.Thereshould be no
      noticeableimpact on speed.
      How do I resolve these issues?
      For most of theseclasses of vulnerabilities, InternetExplorer 5 would havecrashed, so theapplication compatibility risk of
      resolving theexploit should besmall. Other applications might need to beaddressed on a case by case basis.
      What settings are added or changed in Windows Server 2003 Service Pack 1?
      InternetExplorer Object Caching
      Setting
      name
      Location Previous
      default
      value
      Default
      value
      Possible
      values
      IExplore.exe
      Explorer.exe
      HKEY_LOCAL_MACHINE (or Current User)\Software\Microsoft \Internet
      Explorer\Main \FeatureControl \FEATURE_OBJECT_CACHING
      None 1 0 – Off
      1 – On
      Do I need to change my code to work with Windows Server 2003 Service Pack 1?
      If your application is attempting to usea cached object,you mightencounter Access Denied errors. In this instanceyou must
      recachethe object beforeyou access it using a script.
      In thefollowing example, thesecurity context is invalidated when the designMode property is set on a document object.
      Broken scriptexample
      var d = myFrame.document;
      d.designMode = “On”;
      d.open(); <-------------------------causes permission denied error Fixed scriptexample var d = myFrame.document; d.designMode = "On"; d = myFrame.document; // re-establish pointer to document object. d.open(); Also, when you comparethevalues of thetwo frame.frames properties of an object, theresults may beincorrect, or thevalues may not beretained.This is becausetheframes object is now wrapped with a security wrapper.When the object caching featureis enabled, this security wrapper is applied.Therefore,access to all cached objects is blocked.This can causetheframes object comparison to return falseeven though theframes areequal.To resolvethis problem,you can usethefollowing method to comparethevalue of theframes: a.name == parent.frames[1].frames.name

Viewing 0 reply threads
  • You must be logged in to reply to this topic.