Marking a Python COM server safe for Internet Explorer

Bill Bell bill-bell at
Fri Jul 6 14:29:54 EDT 2001

On 6 Jul 2001, at 13:04, Skip Montanaro wrote:
>     Bill> As a kind of default, Internet Explorer will ask the user's
>     Bill> permission before instantiating an ActiveX control. However,
>     one Bill> can implement IObjectSafety to inform IE that one's
>     control is Bill> safe, thus sparing the user the need to respond
>     to the dialog box.
> I have nothing useful to help you with your quest ... 


> ... but it seems that if the ActiveX control can say "trust me!",
> it's sort of like asking the fox to guard the hen house. 

Well, many software developers are not carnivores. Some of us 
injure the chickens only by accident. What I'm trying to say is that 
I'm not sure your simile is quite apt.

> Did I misunderstand something? Wouldn't all ActiveX controls
> simply implement IObjectSafety simply to make them easier to use
> (less annoying to the user)? 

OTOH, as 'net people are apt to say:

1. To a certain degree I think you're correct, especially considering 
that it takes a lot less skill and knowledge to mark the control safe 
that it would to actually make it safe. (You will I trust forgive me a 
split infinitive.)

2. In order to reach the stage where this message is emitted the 
control must have been installed on the user's computer (which, I 
suppose, corresponds to the chicken). In order to provide some 
assurance to the user one can, for one thing, associate a 
certificate with one's ActiveX control and the user can accept the 
certificate only if it was issued by some overwhelmingly trustworthy 
source--say Microsoft of Redmond, Washington.

In my case, though, the chickens are all housed in research 
buildings and, whether they know it or not, the fox has already 
been allowed into all of the buildings. No certificate needed, hehe.

Peace, eh.

More information about the Python-list mailing list