Internet Explorer Object Caching

IT Support Forum Forums Windows Windows Server 2003 R2 General Discussion Internet Explorer Object Caching

This topic contains 0 replies, has 1 voice, and was last updated by  Webmaster 3 months, 1 week ago.

  • Author
    Posts
  • #2207

    Webmaster
    Keymaster

    The Microsoft Windows Server 2003 InternetExplorer Enhanced Security Configuration component (also known as
    Microsoft InternetExplorer hardening) reduces a server’s vulnerability to attacks from Web content by applying more
    restrictiveInternetExplorer security settings that disablescripts, ActiveX components,and file downloads for resources in the
    Internet security zone. As a result, many of thesecurity enhancements included in thelatest release of InternetExplorer will
    not beas noticeablein Windows Server 2003 Service Pack 1.For example, the new InternetExplorer Information Bar and
    Pop-up Blocker features will not be used unless thesiteis in a zone whosesecurity setting allows scripting. If you are not
    using theenhanced security configuration on your server, thesefeatures will function as they do in Windows XP Service
    Pack 2.
    What does Object Caching do?
    In previous versions of Windows Server 2003 with InternetExplorer, some Web pages could access objects cached from
    another Web site. In Windows Server 2003 Service Pack 1,a referenceto an object is no longer accessible when the user
    navigates to a new domain.
    Who does this feature apply to?
    Web developers should review this featureand plan to adopt changes to their Web site.
    Application developers should review this featureand plan to adopt changes in their applications.
    What new functionality is added to this feature in Windows Server 2003 Service Pack 1?
    None.Existing functionality has been extended.
    What existing functionality is changing in Windows Server 2003 Service Pack 1?
    Security context is invalidated upon navigation to a different domain
    Detailed description
    For Windows Server 2003 Service Pack 1, thereis now a new security context on all scriptable objects so thataccess to cached
    objects (except for ActiveX controls) is blocked. In addition to blocking access when navigating across domains,access is also
    blocked when navigating within thesame domain. (In this context,a domain is defined as a fully qualified domain name, or
    FQDN.) A referenceto an object is no longer accessibleafter thecontext has changed dueto navigation.
    Why is this change important? What threats does it help mitigate?
    Prior to InternetExplorer 5.5, navigations across HTML pages (or to subframes) purged instances of MSHTML, which is the
    Microsoft HTML parsing and rendering engine.With theInternetExplorer 5.5 NativeFrames architecture,an instance of
    MSHTML lives across navigations.This introduced a new class of vulnerabilities, because objects could becached across
    navigations. If an object can becached and provideaccess to thecontents of a Web pagefrom another domain, thereis a
    cross-domain hole.
    Onceyou can get to properties on theinner document, script outside of a page’s domain can access thecontents of an inner
    page.This is a violation of theInternetExplorer cross-domain security model.
    For example,you can usethis method to createscripts that listen to events or content in another frame, such as credit card
    numbers or other sensitive data that is typed in the other frame.
    What works differently? Are there any dependencies?
    In thosefew classes that don’talready havethem, four more bytes areadded for thecached markup.Thereshould be no
    noticeableimpact on speed.
    How do I resolve these issues?
    For most of theseclasses of vulnerabilities, InternetExplorer 5 would havecrashed, so theapplication compatibility risk of
    resolving theexploit should besmall. Other applications might need to beaddressed on a case by case basis.
    What settings are added or changed in Windows Server 2003 Service Pack 1?
    InternetExplorer Object Caching
    Setting
    name
    Location Previous
    default
    value
    Default
    value
    Possible
    values
    IExplore.exe
    Explorer.exe
    HKEY_LOCAL_MACHINE (or Current User)\Software\Microsoft \Internet
    Explorer\Main \FeatureControl \FEATURE_OBJECT_CACHING
    None 1 0 – Off
    1 – On
    Do I need to change my code to work with Windows Server 2003 Service Pack 1?
    If your application is attempting to usea cached object,you mightencounter Access Denied errors. In this instanceyou must
    recachethe object beforeyou access it using a script.
    In thefollowing example, thesecurity context is invalidated when the designMode property is set on a document object.
    Broken scriptexample
    var d = myFrame.document;
    d.designMode = “On”;
    d.open(); <-------------------------causes permission denied error Fixed scriptexample var d = myFrame.document; d.designMode = "On"; d = myFrame.document; // re-establish pointer to document object. d.open(); Also, when you comparethevalues of thetwo frame.frames properties of an object, theresults may beincorrect, or thevalues may not beretained.This is becausetheframes object is now wrapped with a security wrapper.When the object caching featureis enabled, this security wrapper is applied.Therefore,access to all cached objects is blocked.This can causetheframes object comparison to return falseeven though theframes areequal.To resolvethis problem,you can usethefollowing method to comparethevalue of theframes: a.name == parent.frames[1].frames.name

You must be logged in to reply to this topic.