Cross-zone Scripting - Origins of The Zone Concept

Origins of The Zone Concept

Internet Explorer 4 introduced the security zone concept to Internet Explorer. However, this is a generic issue that is not specific to Internet Explorer; some other browsers also implicitly implement the Local Computer zone.

There are four well-known zones in Internet Explorer:

  • Internet. The default zone. Everything that does not belong to the other zones.
  • Local intranet.
  • Trusted sites. Usually used to list trusted sites which are allowed to execute with minimal security permissions (e.g. run unsafe and unsigned ActiveX objects).
  • Restricted sites.

These zones are explained in detail by Q174360: How to use security zones in Internet Explorer.

There is also an additional hidden zone:

  • Local Computer zone (or My Computer zone). This zone is particularly interesting because it can access files on the local computer. Historically this zone has been extremely insecure, but in recent versions of Internet Explorer (for Windows XP) steps have been taken to reduce the risks associated with this zone.

Local intranet, Trusted sites and Local Computer are usually configured to be privileged zones. Most cross-zone scripting attacks are designed to jump from the Internet zone to a privileged zone.
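
To see how privileged a zone actually is on a given machine, its per-zone settings can be audited. The following is an added example, not part of the original page: it parses a `reg export` of the Internet Settings `Zones` key and reports zones where unsafe or unsigned ActiveX is enabled without a prompt. The zone numbers (0 to 4) and action codes are the ones Microsoft documents for these registry settings; the sample export and the function name `audit_zones` are constructed for illustration.

```python
import re

# Zone numbers and URL action codes as documented by Microsoft for
# ...\Internet Settings\Zones\<n>; value 0 = enable, 1 = prompt, 3 = disable.
ZONES = {0: "Local Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
RISKY_ACTIONS = {
    "1004": "Download unsigned ActiveX controls",
    "1201": "Initialize and script ActiveX controls not marked as safe",
}

# Constructed sample in `reg export` text form (not taken from a real machine).
SAMPLE_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1004"=dword:00000000
"1201"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1004"=dword:00000003
"1201"=dword:00000003
"1400"=dword:00000000
'''

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d+)\]$", re.I)
VAL_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def audit_zones(export_text):
    """Return sorted (zone, action) pairs that are enabled without a prompt."""
    findings, zone = [], None
    for line in export_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            zone = int(key.group(1))
            continue
        if line.startswith("["):
            zone = None  # some other key: stop attributing values to a zone
            continue
        val = VAL_RE.match(line)
        if val and zone in ZONES and val.group(1) in RISKY_ACTIONS:
            if int(val.group(2), 16) == 0:  # 0 = enabled, no prompt
                findings.append((ZONES[zone], RISKY_ACTIONS[val.group(1)]))
    return sorted(findings)

if __name__ == "__main__":
    for zone_name, action in audit_zones(SAMPLE_EXPORT):
        print(f"{zone_name}: '{action}' is enabled without prompting")
```

A finding for Local intranet, Trusted sites or Local Computer marks that zone as privileged in the sense described above; the same finding for the Internet zone indicates a misconfiguration.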
