
Security Considerations: URL Monikers

This topic provides information about security considerations related to the URL monikers API. This topic doesn't provide all you need to know about security issues—instead, use it as a starting point and reference for this technology area.

  • Security Alerts
  • Related topics

Security Alerts

The following table lists features that, if used incorrectly, can compromise the security of your applications.

Feature documentation: BINDF
Alert: Using the value BINDF_IGNORESECURITYPROBLEM incorrectly can compromise the security of your application. If your implementation of IBindStatusCallback::GetBindInfo indicates that security problems with certificates and redirection should be ignored, users may be susceptible to unwanted information disclosure. You should not implement IBindStatusCallback::GetBindInfo such that it returns BINDF_IGNORESECURITYPROBLEM because it prevents Windows Internet Explorer from notifying users of security concerns.

Feature documentation: IHttpSecurity::OnSecurityProblem
Alert: Implementing this method incorrectly can compromise the security of your application. Returning a value of RPC_E_RETRY can potentially leave users of your application exposed to unwanted information disclosure. RPC_E_RETRY should only be returned when the application is running on a known trusted server or after you have verified information from the user.
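The two alerts above can be reduced to a small policy layer that a GetBindInfo and an OnSecurityProblem implementation call into. The following is an added example, not code from this documentation or from Microsoft: the helper names, the host allowlist, and the choice of E_ABORT as the refusal value are assumptions, the host names are constructed, and the constants are redeclared with their Windows SDK values so the logic builds without the SDK.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <set>
#include <string>

// Numeric values as published in the Windows SDK headers, redeclared here so
// the policy logic builds without urlmon.h / winerror.h.
constexpr uint32_t kBindfIgnoreSecurityProblem = 0x00000100;      // BINDF_IGNORESECURITYPROBLEM
constexpr int32_t kRpcERetry = static_cast<int32_t>(0x80010109);  // RPC_E_RETRY
constexpr int32_t kEAbort = static_cast<int32_t>(0x80004004);     // E_ABORT

// Hypothetical helper: lower-case the host and drop a trailing root dot.
std::string NormalizeHost(std::string host) {
    std::transform(host.begin(), host.end(), host.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (!host.empty() && host.back() == '.') host.pop_back();
    return host;
}

// Hypothetical helper for GetBindInfo: whatever flags the caller composed,
// the ignore-security bit is cleared before they are handed back.
uint32_t SanitizeBindFlags(uint32_t grfBINDF) {
    return grfBINDF & ~kBindfIgnoreSecurityProblem;
}

// Hypothetical helper for OnSecurityProblem: RPC_E_RETRY only for a known
// trusted server or after the user's information has been verified; refuse
// otherwise (E_ABORT is this example's assumed refusal value).
// trustedHosts is assumed to hold lower-case names without a trailing dot.
int32_t DecideOnSecurityProblem(const std::string& host,
                                const std::set<std::string>& trustedHosts,
                                bool userInfoVerified) {
    if (userInfoVerified) return kRpcERetry;
    // Exact match only: a suffix or substring test would also accept
    // "intranet.example.com.attacker.test".
    if (trustedHosts.count(NormalizeHost(host)) != 0) return kRpcERetry;
    return kEAbort;
}

int main() {
    const std::set<std::string> trusted{"intranet.example.com"};  // constructed sample
    bool ok = SanitizeBindFlags(0x00000101u) == 0x00000001u &&
              DecideOnSecurityProblem("Intranet.Example.COM.", trusted, false) == kRpcERetry &&
              DecideOnSecurityProblem("other.example.net", trusted, false) == kEAbort;
    return ok ? 0 : 1;
}
```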

 

Security Best Practices