P3
Access Restriction to DeployHelper controls:
If the following 2 "toggle" registry keys exist, DeployHelper will check its settings prior to allow usage of unsafe scripts.
"EnableSafeDeployHelper" key:
- Set to "1"to enable -- only a "safe" subset of DeployHelper scripts is allowed.
-Set to "0" to disable -- all scripts are allowed
- If "EnableSafeDeployHelper" key does not exist, it's equivalent to setting it to "0".
Note: the "safe" subset of detection scripts is to be determined. We'll need to review current scripts to define which one is "safe".
"EnableDomainCheck" key:
- Set to "1" to enable -- DeployHelper's scripts -- whether with "EnableSafeDeployHelper" enabled or disabled, will be allowed only within the doc base's domain.
-Set to "0" to disable -- no domain is inspected
- If "EnableDomainCheck" key does not exist, it's equivalent to setting it to "0".
Note: How to inspecting enterprise domain is implementation detail. It could be done by inspecting that the doc base of the page embedding DeployHelper is in the same domain as the target machine.
Deployment tactic for these keys:
These keys won't be populated by our installer. we'll simply inform enterprise customers about the settings and the usage of the above keys.
This RFE is to support the "EnableDomainCheck" feature, not "EnableSafeDeployHelper".
"EnableSafeDeployHelper" may be unnecessary depended on the outcomes of Security Static Version RFE.
###@###.### 2005-05-06 18:06:05 GMT
If the following 2 "toggle" registry keys exist, DeployHelper will check its settings prior to allow usage of unsafe scripts.
"EnableSafeDeployHelper" key:
- Set to "1"to enable -- only a "safe" subset of DeployHelper scripts is allowed.
-Set to "0" to disable -- all scripts are allowed
- If "EnableSafeDeployHelper" key does not exist, it's equivalent to setting it to "0".
Note: the "safe" subset of detection scripts is to be determined. We'll need to review current scripts to define which one is "safe".
"EnableDomainCheck" key:
- Set to "1" to enable -- DeployHelper's scripts -- whether with "EnableSafeDeployHelper" enabled or disabled, will be allowed only within the doc base's domain.
-Set to "0" to disable -- no domain is inspected
- If "EnableDomainCheck" key does not exist, it's equivalent to setting it to "0".
Note: How to inspecting enterprise domain is implementation detail. It could be done by inspecting that the doc base of the page embedding DeployHelper is in the same domain as the target machine.
Deployment tactic for these keys:
These keys won't be populated by our installer. we'll simply inform enterprise customers about the settings and the usage of the above keys.
This RFE is to support the "EnableDomainCheck" feature, not "EnableSafeDeployHelper".
"EnableSafeDeployHelper" may be unnecessary depended on the outcomes of Security Static Version RFE.
###@###.### 2005-05-06 18:06:05 GMT