2016년 1월 13일 수요일

Security options compared for security levels (Internet Explorer 11)




.NET Framework


H
MH
M
ML
L
1
Loose XAML
D
D
E
E
E
2
XAML browser applications
D
D
E
E
E
3
XPS documents
D
E
E
E
E

.NET Framework-reliant components


H
MH
M
ML
L
4
Permissions for components with manifests
D
H
H
H
H
5
Run components not signed with Authenticode
D
E
E
E
E
6
Run components signed with Authenticode
D
E
E
E
E

ActiveX controls and plug-ins


H
MH
M
ML
L
7
Allow ActiveX Filtering
E
E
E
D
D
8
Allow previously unused ActiveX controls to run without prompt
D
D
E
E
E
9
Allow Scriptlets
D
D
D
E
E
10
Automatic prompting for ActiveX controls
D
D
D
E
E
11
Binary and script behaviors
D
E
E
E
E
12
Display video and animation on a webpage that does not use external media player
D
D
D
D
D
13
Download signed ActiveX controls
D
P
P
P
E
14
Download unsigned ActiveX controls
D
D
D
D
P
15
Initialize and script ActiveX controls not marked as safe for scripting
D
D
D
D
P
16
Only allow approved domains to use ActiveX without prompt
E
E
D
D
D
17
Run ActiveX controls and plug-ins
D
E
E
E
E
18
Run antimalware software on ActiveX controls
E
E
D
D
D
19
Script ActiveX controls marked safe for scripting*
D
E
E
E
E

Downloads


H
MH
M
ML
L
20
File download
D
E
E
E
E
21
Font download
D
E
E
E
E

ETC


H
MH
M
ML
L
22
Enable .NET Framework setup
D
E
E
E
E

Miscellaneous


H
MH
M
ML
L
23
Access data sources across domains
D
D
D
P
E
24
Allow dragging of content between domains into separate windows
D
D
D
D
D
25
Allow dragging of content between domains into the same window
D
D
D
D
D
26
Allow META REFRESH
D
E
E
E
E
27
Allow scripting of Microsoft web browser control
D
D
D
E
E
28
Allow script-initiated windows without size or position constraints
D
D
D
E
E
29
Allow webpages to use restricted protocols for active content
D
P
P
P
P
30
Allow websites to open windows without address or status bars
D
D
E
E
E
31
Display mixed content
P
P
P
P
P
32
Don't prompt for client certificate selection when only one certificate exists
D
D
D
E
E
33
Drag and drop or copy and paste files
P
E
E
E
E
34
Enable MIME Sniffing
D
E
E
E
E
35
Include local directory path when uploading files to a server
D
D
E
E
E
36
Launching applications and unsafe files
E
E
E
E
E
37
Launching programs and files in an IFRAME
D
P
P
P
E
38
Navigate windows and frames across different domains
D
D
D
E
E
39
Render legacy filters
D
D
E
E
E
40
Submit non-encrypted form data
P
E
E
E
E
41
Use Pop-up Blocker
E
E
E
D
D
42
Use SmartScreen Filter
E
E
E
D
D
43
Userdata persistence
D
E
E
E
E
44
Websites in less privileged web content zone can navigate into this zone
D
E
E
E
P

Scripting


H
MH
M
ML
L
45
Active scripting
D
E
E
E
E
46
Allow Programmatic clipboard access
D
P
P
E
E
47
Allow status bar updates via script
D
D
E
E
E
48
Allow websites to prompt for information using scripted windows
D
D
E
E
E
49
Enable XSS filter
E
E
E
D
D
50
Scripting of Java applets
D
E
E
E
E

User Authentication



H
MH
M
ML
L
51
Logon
4
2
2
2
3

댓글 없음: