Results 1 to 5 of 5
  1. #1
    5 Star Lounger
    Join Date
    Dec 2002
    Location
    Perth, Western Australia, Australia
    Posts
    730
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Security Flaw? (6 SP1)

    I've seen the "unspecified potential security flaw" a few times recently, and just now while in the Lounge. The MSKB has a useless (to me) article PRB: "Unspecified Potential Security Flaw" Message When You Call ShowModalDialog Function . It seems to say that the site code is causing it, but doesn't offer a workaround for users. The only other reference I found was Error message: "This page has an unspecified potential security flaw..." and it relates to "iNotes", which I don't have. It gives a workaround where you nominate servers as being on your intranet. Not really viable when this seems to be a random occurrence.

    Any ideas?
    Attached Images Attached Images
    <font face="Comic Sans MS" color="blue">TimOz</font>
    <img src=/S/flags/Finland.gif border=0 alt=Finland width=30 height=18> <img src=/S/flags/Australia.gif border=0 alt=Australia width=30 height=18>

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Security Flaw? (6 SP1)

    Can you give a link to any pages that generate this warning? I've never seen it (using IE 5.01 or 5.5).

    This page provides a little more information about the ShowModalDialog function: showModalDialog Method. In particular, it states "Because a modal dialog box can include a URL to a resource in a different domain, do not pass information through the vArguments parameter that the user might consider private." Maybe this is why you get a warning, to let you know something you only intended to share with the main site could leak out, but the ambiguity of IE's warnings is maddening.

    (There's a demo button down the page that throws up one of these dialogs, but because Microsoft.com is one of my Trusted Sites, I don't get any prompts.)

  3. #3
    5 Star Lounger
    Join Date
    Dec 2002
    Location
    Perth, Western Australia, Australia
    Posts
    730
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Flaw? (6 SP1)

    Ths has only been occurring the last couple of days, and infrequently, but the next time I see it (& remember) I'll get the link and post it. Maybe a bit hard to identify though because I typically have 3-4 ie windows/sessions going at once, and the message doesn't seem to appear immediately you go to a page. The last time was when I had only a single window open at the Lounge, and was reading posts in a thread (flat mode) - I had read one or two posts before the message popped up (don't remember forum or thread).

    I had a look at your link, and played with the demo button, and the dialog creation page, but no errors (no MS sites are set as trusted). Although the KB article points at the showModalDialog, I don't recall seeing any dialogs, other than normal web pages, when the message has occurred.

    The cross domain issue could be related, but I've got "Access data sources across domains" set to "Prompt", so that should handle it.
    <font face="Comic Sans MS" color="blue">TimOz</font>
    <img src=/S/flags/Finland.gif border=0 alt=Finland width=30 height=18> <img src=/S/flags/Australia.gif border=0 alt=Australia width=30 height=18>

  4. #4
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Cairns, Queensland, Australia
    Posts
    885
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Flaw? (6 SP1)

    HI Tom,

    Just a passing thought. Do you happen to be a BIGpond customer?

    My access via them has been acting really weird for the last week. I thought it was just me but..
    Granville

  5. #5
    5 Star Lounger
    Join Date
    Dec 2002
    Location
    Perth, Western Australia, Australia
    Posts
    730
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Security Flaw? (6 SP1)

    Nope. Just a little fish - can't afford the BigPond <img src=/S/grin.gif border=0 alt=grin width=15 height=15>

    Your issues could be related to <!post=Re: What is this about?,258162>Re: What is this about?<!/post>. I've heard a lot stories about dramas over here in the west during this week. Especially where someone has AAPT or Optus for their local calls and the ISP is with Telstra. Some have had outages over 24hrs, and have to dial in using the override code to get a Telstra line.

    My problem, once reported seems to have vanished <img src=/S/crossfingers.gif border=0 alt=crossfingers width=17 height=16> - A bit like taking your car to the mechanic to diagnose a strange sound <img src=/S/sigh.gif border=0 alt=sigh width=15 height=15>
    <font face="Comic Sans MS" color="blue">TimOz</font>
    <img src=/S/flags/Finland.gif border=0 alt=Finland width=30 height=18> <img src=/S/flags/Australia.gif border=0 alt=Australia width=30 height=18>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •