Security Considerations: Windows Image Acquisition Automation Layer
This document provides information about security considerations related to the Windows Image Acquisition (WIA) Automation Layer. This document does not provide all you need to know about security issues; instead, use it as a starting point and reference for this technology area.
- Controls Are Not Safe for Scripting
- Configure Security Settings for ASP Access
- Administrator Permission
- Place Registered Applications in Secure Locations
- Do Not Use Underlying Directories or Registry Keys
- Related Topics
The WIA Automation Layer is not marked safe for scripting. Therefore, proper functionality depends on your security settings.
To function successfully, the RegisterPersistentEvent and UnregisterPersistentEvent methods require Administrator permission. For an example that uses these methods, see Implement a Windows Script Host Script that Runs Automatically in Shared Samples.
When an application is registered to receive a device event, that application can be run by any user with access to that device. For example, if an application is registered for a scan event, pressing the scan button on a scanner causes that application to run. If the application runs with a higher privilege than the user has, there is a potential security issue.
Windows Image Acquisition (WIA) uses several directories and registry keys internally to store data or information. Do not access these directories or registry keys directly. Instead, use the exposed methods to specify directories for acquired images.
- Getting Started with Samples
- Microsoft Security
- MSDN Library Security Home Page
- Security How-To Resources
- TechNet Security Resources
- Security Considerations for Windows XP Embedded Developers
- Best Practices for the Security APIs