Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This topic provides information about security considerations related to the URL monikers API. This topic doesn't provide all you need to know about security issues—instead, use it as a starting point and reference for this technology area.
- Security Alerts
- Related topics
Security Alerts
The following table lists features that, if used incorrectly, can compromise the security of your applications.
| Feature documentation | Alert |
|---|---|
| BINDF | Using the value BINDF_IGNORESECURITYPROBLEM incorrectly can compromise the security of your application. If your implementation of IBindStatusCallback::GetBindInfo indicates that security problems with certificates and redirection should be ignored, users may be susceptible to unwanted information disclosure. You should not implement IBindStatusCallback::GetBindInfo such that it returns BINDF_IGNORESECURITYPROBLEM because it prevents Windows Internet Explorer from notifying users of security concerns. |
| IHttpSecurity::OnSecurityProblem | Implementing this method incorrectly can compromise the security of your application. Returning a value of RPC_E_RETRY can potentially leave users of your application exposed to unwanted information disclosure. RPC_E_RETRY should only be returned when the application is running on a known trusted server or after you have verified information from the user. |