Home     Products      Support      Corporate     Sign In 
Support Knowledge Base, Article 1170
Product
XFile
Version
All versions
Title
Default internet security setting causes Windows XP SP2 to block the installation of XFile when the cab is unsigned.
Problem

SoftArtisans provides XFile in a digitally signed cab file. However, if you are accessing a web application which is distributing XFile in an unsigned cab file, this behavior may occur.

Windows XP SP2 has default internet security settings to block the installation of XFile if it is distributed in an unsigned cab file, even after the user clicks on "install ActiveX" in the information toolbar.

Internet Explorer give the following Security Warning:

Internet Exporer - Security Warning
Windows has blocked this software because it can't verify the publisher.
Name: saxfile.cab [saxfileee.cab]
Publisher: Unkown Publisher
To help protect your computer, Windows will block software when it annot verify the publisher.

Solution
There are multiple solutions for this problem:

  • Distribute a signed cab file.

    • Distribute the SoftArtisans signed cab file. Please note: This cab file warns of impending uploads and downloads and has other limitations to prevent XFile from being used maliciously while it is distributed with the SoftArtisans signature.

    • Distribute your own cab file and provide your own digital signature. The added benefit to this approach is that you can use the non-warning dlls and avoid unnecessary pop-up messages during uploads and downloads.

      To learn more about how to sign your own cab file and to better understand the differences between the warning and non-warning dlls, please see the section in the XFile documentation under "Installation" entitled Signing XFile.

  • Change the client security settings.

    Since obtaining a security certificate for a digital signature usually requires a brief waiting period with the certificate provider, you may prefer to continue with development by testing your unsigned cab file with reduced browser security settings. This can be done by adding your web application's URL to the "Trusted Sites" content zone (Tools...Internet Options...Security Tab). Then change the security level for that zone so that you are able to either directly accept unsigned Active X controls or so that you are prompted to do so.

Created : 8/4/2005 12:30:15 PM (last modified : 8/4/2005 12:30:14 PM)
Rate this article!
 
Comments