After the page is loaded, the client performs a POST to <http://activex.microsoft.com/objects/ocget.dll>, which is used to load an ActiveX control within the web page.
This address is actually stored in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\CodeBaseSearchPath This key contains: CODEBASE;<<http://activex.microsoft.com/objects/ocget.dll>>;<http://codecs.microsoft.com/isapi/ocget.dll> Removing the initial CODEBASE keyword prevents users from downloading any ActiveX code from the Internet. I removed the whole line and the problem is gone. Thanks, Bart I think you are mistaken. Javascript can display directory contents to the client browser, but not transmit that info back to the server. Unless I am mistaken ;) On Wed, 6 Mar 2002, ruler wrote: _There are also sites that will let you view all of your directory trees, _which a server could easily see all of your files. Which do you think is _more scary? _----- Original Message ----- _From: �leon� <[EMAIL PROTECTED]> _To: <[EMAIL PROTECTED]> _Sent: Tuesday, March 05, 2002 12:30 PM _Subject: scary site _ _ _> -----BEGIN PGP SIGNED MESSAGE----- _> Hash: SHA1 _> _> http://www.liquidwd.freeserve.co.uk/ _> _> _> Try it with a windows machine and IE with all patches. _> _> Be afraid be very afraid. _> _> FYI this is for all those people who are think that just having a _> firewall is enough. _> _> Guess what? _> _> This works through packet filter, stateful inspection and proxy _> servers. _> _> Cheers, _> _> Leon _> _> -----BEGIN PGP SIGNATURE----- _> Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> _> _> iQA/AwUBPIUArNqAgf0xoaEuEQLn0wCgjtpLPuRxLbCscHrq32IjePeezf8AoI6t _> T73+xCv/VhrCGDVDIVrFBqZl _> =9gR6 _> -----END PGP SIGNATURE----- _> _ -- Thanks, John Ellingsworth Information Architect http://cu2k01.med.upenn.edu http://www.cu2000.med.upenn.edu +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- |j|e|l|l|i|n|g|s|@|ma|i|l|.|med|.|u|p|e|n|n|.|e|d|u| -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ __________________________________________________ Do You Yahoo!? Try FREE Yahoo! Mail - the world's greatest free email! http://mail.yahoo.com/
