Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Microsoft documents security improvements planned for IE 7

As noted in this Tech Republic Article, Internet Explorer version 7 will support a more robust protocol for encrypting user data and securing online transactions.

http://blogs.msdn.com/ie/archive/2005/10/22/483795.aspx

QUOTE:  In a posting on the Microsoft Internet Explorer blog, IE program manager Eric Lawrence said that IE7 would support the Transport Layer Security (TLS) protocol by default. 

Lawrence also explained how IE7 will behave differently from earlier versions when it encounters potential security problems.

"Whenever IE6 encountered a problem with a HTTPS-delivered Web page, the user was informed via a modal dialog box and was asked to make a security decision. IE7 follows the XPSP2 'secure by default' paradigm by defaulting to the secure behavior," said Lawrence.

IE7 will not give users the option of seeing both secure and insecure items within an HTTPS page. With IE6, this option appears when the browser encounters an HTTPS page that includes some HTTP content. But in IE7, only the secure content will be rendered by default, forcing the user to choose to access the rest via the information bar.

"This is an important change because very few users (or web developers) fully understand the security risks of rendering HTTP-delivered content within a HTTPS page," Lawrence claimed.