Security Considerations: URL Monikers

This topic provides information about security considerations related to the URL monikers API. This topic doesn't provide all you need to know about security issues—instead, use it as a starting point and reference for this technology area.

  • Security Alerts
  • Related topics

Security Alerts

The following table lists features that, if used incorrectly, can compromise the security of your applications.

Feature documentation Alert
BINDF

Using the value BINDF_IGNORESECURITYPROBLEM incorrectly can compromise the security of your application. If your implementation of IBindStatusCallback::GetBindInfo indicates that security problems with certificates and redirection should be ignored, users may be susceptible to unwanted information disclosure. You should not implement IBindStatusCallback::GetBindInfo such that it returns BINDF_IGNORESECURITYPROBLEM because it prevents Windows Internet Explorer from notifying users of security concerns.

IHttpSecurity::OnSecurityProblem Implementing this method incorrectly can compromise the security of your application. Returning a value of RPC_E_RETRY can potentially leave users of your application exposed to unwanted information disclosure. RPC_E_RETRY should only be returned when the application is running on a known trusted server or after you have verified information from the user.

 

Security Best Practices