Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 218
  • Last Modified:

Internet Explorer Active Scripting Setting

In our company we use Internet Explorer 6.0

Active Scripting has been disabled for the whole company. This means that many AJAX and other advanced webpages do not display correctly.

Are there any current known security issues with enabling this? I searched online and found only issues from 2003, but nothing recent. How can we convince our central IT to enable this feature? Any good reference sites?
0
riffrack
Asked:
riffrack
  • 2
1 Solution
 
IsisagateCommented:
Well First thought is if there are only certain sites you care about loading right set them as trusted sites and enable it for trusted sites only to minimize the risk.
0
 
IsisagateCommented:
I don't have any data to back this up but I don't believe active scripting is a threat, the true threat would be plug-ins. Connecting the browser to the server via AJAX, the worst that can happen is that the page tracks every action you do within that window's context. So what would that mean they know you mouse hovered over an image, or that you started to type xxxxx but erased it, or they can get some generic machine related data like screen resolution in real time without a form submit. But they can't do anything malicious that I am aware of. As the browser retains a security lock out of non-related windows accessin each other's memory.. So the script can't find out that there are other windows open unless it opened them.  it can't pass data between different domains. So for instance I can't put in AJAX calls to google on xyz domain... unless I have a page on xyz domain calling out to google returning it through xyz domain.


0
 
riffrackAuthor Commented:
Many thanks for your information. I agree with your comments.

Does anybody have any reference sites which explains this in detail?
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now