Re: Possible IE 6 Bug - Differences Between Windows Explorer And IE

From: Jim Cheshire [MSFT] (jamesche_at_online.microsoft.com)
Date: 04/19/04

  • Next message: Larry: "trying to post to aspx anonyomously is blocked?"
    Date: Mon, 19 Apr 2004 15:12:33 GMT
    
    

    Hi Kev,

    I'm not sure why you would see different behavior between IE 5 and 6. You
    might want to post this question in the IE Client newsgroup for input
    there.

    Jim Cheshire, MCSE, MCSD [MSFT]
    ASP.NET
    Developer Support
    jamesche@online.microsoft.com

    This post is provided "AS-IS" with no warranties and confers no rights.

    --------------------
    >From: mrkwatkins@hotmail.com (Kevin Watkins)
    >Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    >Subject: Re: Possible IE 6 Bug - Differences Between Windows Explorer And
    IE
    >Date: 19 Apr 2004 02:00:14 -0700
    >Organization: http://groups.google.com
    >Lines: 41
    >Message-ID: <2ec204be.0404190100.65d29f1d@posting.google.com>
    >References: <2ec204be.0404160943.7858f2ca@posting.google.com>
    <aFIb0t#IEHA.2112@cpmsftngxa10.phx.gbl>
    >NNTP-Posting-Host: 81.133.246.107
    >Content-Type: text/plain; charset=ISO-8859-1
    >Content-Transfer-Encoding: 8bit
    >X-Trace: posting.google.com 1082365215 17082 127.0.0.1 (19 Apr 2004
    09:00:15 GMT)
    >X-Complaints-To: groups-abuse@google.com
    >NNTP-Posting-Date: Mon, 19 Apr 2004 09:00:15 +0000 (UTC)
    >Path:
    cpmsftngxa10.phx.gbl!TK2MSFTNGXA05.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.s
    ul.t-online.de!t-online.de!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!p
    ostnews1.google.com!not-for-mail
    >Xref: cpmsftngxa10.phx.gbl
    microsoft.public.dotnet.framework.aspnet.security:9669
    >X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    >
    >> Hi Kevin,
    >>
    >> This is not a bug in any version of the browser. This is by-design.
    One
    >> process cannot access the memory for another process. As you have seen,
    >> when you browse a URL via a Windows Explorer window, it will browse that
    >> URL via the explorer.exe process. If you then open a new window, it
    will
    >> launch a new iexplore.exe process, and that iexplore.exe process cannot
    >> access the memory space for the explorer.exe process.
    >>
    >> There is a way that you can force the process to not cache credentials
    in
    >> this scenario. Open an Explorer window and click on Tools, Folder
    Options.
    >> Click the View tab and select the option to "Launch folder windows in a
    >> separate process." After you check that, restart the computer. Now
    >> credentials will no longer be cached after the Windows Explorer window
    is
    >> closed and a new one opened.
    >
    >Hi,
    >
    >Thanks for your reply. I have just tested this again under IE5.5 and I
    >get different behaviour. The 'Launch folder windows in a separate
    >process' isn't ticked, yet the credentials do not get cached when I
    >shut the Windows Explorer window with my site in.
    >
    >I can understand this being by design, but may I ask what the
    >rationale is? The design appears to have changed from 5.5 to 6
    >according to my simple tests, and surely not launching an iexplore.exe
    >process from Windows Explorer makes everything less secure? (In that
    >another user could gain access to the PC and gain login credentials,
    >whereas they couldn't if an iexplore.exe was launched) Especially
    >seeing as this box is not ticked by default.
    >
    >I'm still thinking there must be a solution to this though. I cannot
    >get all my users to tick that box, because most of them won't and
    >people may login using public computers anyway. Many other sites I use
    >on the internet don't suffer from this problem, so I'm assuming there
    >must be something I can do to my site to plug this security hole? Is
    >there anything you can think of that might help?
    >
    >Thanks,
    >
    >Kev
    >


  • Next message: Larry: "trying to post to aspx anonyomously is blocked?"

    Relevant Pages

    • Re: asp.net 2.0 and process.start
      ... Do you want Process.Start on client machine or on server? ... We implemented one solution in which we have to launch our few windows based ... For this purpose, we created "Windows Control" ... different set of credentials. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: asp.net 2.0 and process.start
      ... Do you want Process.Start on client machine or on server? ... We implemented one solution in which we have to launch our few windows based ... For this purpose, we created "Windows Control" ... different set of credentials. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: asp.net 2.0 and process.start
      ... Do you want Process.Start on client machine or on server? ... We implemented one solution in which we have to launch our few windows based ... For this purpose, we created "Windows Control" ... different set of credentials. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: asp.net 2.0 and process.start
      ... Do you want Process.Start on client machine or on server? ... We implemented one solution in which we have to launch our few windows based ... For this purpose, we created "Windows Control" ... different set of credentials. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Possible IE 6 Bug - Differences Between Windows Explorer And IE
      ... > when you browse a URL via a Windows Explorer window, ... > credentials will no longer be cached after the Windows Explorer window is ... The 'Launch folder windows in a separate ...
      (microsoft.public.dotnet.framework.aspnet.security)