Security Considerations: URL Monikers
This topic provides information about security considerations related to the URL monikers API. This topic doesn't provide all you need to know about security issues—instead, use it as a starting point and reference for this technology area.
The following table lists features that, if used incorrectly, can compromise the security of your applications.
Using the value BINDF_IGNORESECURITYPROBLEM incorrectly can compromise the security of your application. If your implementation of IBindStatusCallback::GetBindInfo indicates that security problems with certificates and redirection should be ignored, users may be susceptible to unwanted information disclosure. You should not implement IBindStatusCallback::GetBindInfo such that it returns BINDF_IGNORESECURITYPROBLEM because it prevents Windows Internet Explorer from notifying users of security concerns.
|IHttpSecurity::OnSecurityProblem||Implementing this method incorrectly can compromise the security of your application. Returning a value of RPC_E_RETRY can potentially leave users of your application exposed to unwanted information disclosure. RPC_E_RETRY should only be returned when the application is running on a known trusted server or after you have verified information from the user.|
Build date: 11/17/2013