This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release. The Exchange Application Security Module supports two main configurations. The logic for these configurations is controlled by the nLocation parameter in the CreateSecurityDACL Method, which either sets the security on the server or on the client.
Security on Server
This default configuration uses Microsoft® ActiveX® Data Objects (ADO) on the server to save and load discretionary access control list (DACL) objects. This configuration supports all clients using a browser that supports Microsoft JScript®, including Netscape Navigator.
LoadSaveDACL.js has ADO code for loading and saving DACL objects when security is set on the server. This file also has code for instantiating a client XMLHTTP object when security is set on the client.
To support browsers other than Microsoft Internet Explorer, you must use CustomLoadSaveDacl.js instead of LoadSaveDacl.js. This custom script uses FORM posts and ADO to load and save DACL objects and does not contain any code that instantiates client objects, unlike LoadSaveDacl.js.
The following figure depicts a Security on Server configuration in which ADO is used to load and manipulate the XML of the security descriptor as DACL objects. Security.js contains the Exchange Application Security Module's core functions.
Security on Client
This configuration uses LoadSaveDACL.js to instantiate a client XMLHTTP object to update the security descriptor remotely. Only Internet Explorer supports this configuration.