Reputation: 95
ActiveX vulnerability
I am using Delphi and I want to use an ActiveX component (for compression) in my application. Will this make my program more vulnerable to virus attacks? My program is a backup application that uses FTP and sockets to transfer files and messages. My program has nothing to do with an Internet webbrowser.
Upvotes: 1
Views: 162
Answers (1)
Reputation: 612954
ActiveX per se does not of itself introduce security vulnerabilities. The horror stories relating to ActiveX are actually Internet Explorer horror stories. In the bad old days before Microsoft got wise to the dangers of the open internet, Internet Explorer would happily download ActiveX components from the internet and execute the ActiveX component's code from inside the browser process. This was of course a gaping security hole. Simply trick a user to navigate to your malicious site and then execute arbitrary code on their machine.
But that's not what you describe. You are using a third party component of your choice to perform some task. This is a completely different scenario. Now, that's not to say that this component does not have any vulnerabilities of itself, but the fact that it is consumed using ActiveX is not pertinent to that. If it has vulnerabilities then it would not matter whether it was a VCL component, an ActiveX component, or indeed any other component type.
Don't focus on the component architecture. It's the implementation of the component that matters.
Upvotes: 4
Related Questions
- ActiveX not working properly with default security settings
- Delphi ActiveX MSTSCLib
- An activex control on this page might be unsafe
- Creating an ActiveX component at run-time leads to Access Violation
- Delphi ActiveX Control Wizard
- Replacing ActiveX exe with .NET?
- ActiveX installation in Delphi 7.0
- Is it possible for the user to use an ActiveX control which is unknown for application?
- Distributing Delphi Application which uses an ActiveX control
- Running Activex control and Maintaining security