activeX controls not allowed for trusted site

[Guest]

I'm getting the Information Bar message "Your security settings do not allow
Web sites to use ActiveX controls installed on your computer..." for the
following site:

http://www.ryanwilkins.com/

The site is in my Trusted Sites; the Trusted sites icon displays at the
bottom of the page. In my settings for Trusted Sites I have all of the
ActiveX Controls and Plugins options set either to enable or prompt -- none
are set to disable. I thought that the ones set as prompt would display a
message to which I could respond either "go ahead" or "don't go ahead". Is
the Information Bar message coming up because I have some marked prompt? If
not, is there something else I can do to avoid the message? Are there other
settings, beyond the ones under ActiveX Controls and Plugins, that might
affect this behavior?

TIA,

Phil

 

[Robert Aldwinckle]

I'm getting the Information Bar message "Your security settings do not allow
Web sites to use ActiveX controls installed on your computer..." for the
following site:

http://www.ryanwilkins.com/

The site is in my Trusted Sites; the Trusted sites icon displays at the
bottom of the page. In my settings for Trusted Sites I have all of the
ActiveX Controls and Plugins options set either to enable or prompt -- none
are set to disable. I thought that the ones set as prompt would display a
message to which I could respond either "go ahead" or "don't go ahead". Is
the Information Bar message coming up because I have some marked prompt? If
not, is there something else I can do to avoid the message? Are there other
settings, beyond the ones under ActiveX Controls and Plugins, that might
affect this behavior?

Yes. You are showing a protocol on that URL which is not normally
used with trusted sites. If you want to try using non-secure HTTP
you also need to *uncheck* /Require server verification (https
for all sites in this zone/ (in the Trusted Sites' Trusted sites dialog)
and probably remove https:// from the list entry too.

TIA,

Phil

HTH

Robert Aldwinckle
---

 

[Guest]

Thanks for your reply Robert.

What you say makes sense and, in fact, I DO have the /Require server
verification (https for all sites in this zone/ UNCHECKED.

I wonder if it's possible that it's simply a bogus message. That is, even
though the message is displayed, I can and do execute ActiveX controls on the
site? The reason I say this is that the screen display, except for the info
bar message, seems to be complete; I don't see empty spaces in the page that
would suggest that some sort of display that might require ActiveX is not
being shown. When I hover over certain part of the screen where the hint
shows "Click to activate and use this control", clicking does seem to bring
up the appropriate screen. If activeX was in fact disabled, I would expect
NOTHING to happen when the control is clicked.

Thanks,

Phil

 

[Guest]

Thanks for your reply, Robert.

I DO have /Require server verification (https for all sites in this zone/
UNCHECKED.

I wonder if it's just a bogus message? I mean, maybe ActiveX controls are
not actually being blocked. I don't find any controls on the screen that,
when I click them, NOTHING happens.

Thanks,

Phil

 

[Robert Aldwinckle]

Thanks for your reply, Robert.

I DO have /Require server verification (https for all sites in this zone/
UNCHECKED.

I wonder if it's just a bogus message? I mean, maybe ActiveX controls are
not actually being blocked. I don't find any controls on the screen that,
when I click them, NOTHING happens.

It doesn't matter if they don't do anything. What matters is that they are coded.

For example, what is this for:

<extract mod="lineends inserted to aid wrapping>

<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000"
codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0"
width="750" height="217" align="middle">
<param name="allowScriptAccess" value="sameDomain" />
<param name="movie" value="fla/header.swf" /><param name="wmode" value="transparent" />
<param name="quality" value="high" /><param name="bgcolor" value="#2a4249" />
<embed src="fla/header.swf" quality="high" bgcolor="#2a4249" width="750" wmode="transparent" height="217"
name="header" align="middle" allowScriptAccess="sameDomain" type="application/x-shockwave-flash"
pluginspage="http://www.macromedia.com/go/getflashplayer" />
</object>

</extract>


Evidently it's Macromedia Flash to implement the menu under the picture.
It seems to be working. Right-click on it and you'll see
a Macromedia Flash menu. What may be problematic about it
is the other site which is now associated with this "trusted site".
E.g. perhaps it would be necessary to "trust" it too?
(particularly since it is providing the "codebase" for the ActiveX control

Thanks,

Phil

Good luck

Robert
---

 

[Guest]

Robert, thanks for your reply.

What may be problematic about it is the other site which is now
associated with this "trusted site".E.g. perhaps it would be necessary to
"trust" it too?

I don't have any expertise in this type of code, but I see where you are
going. I've seen cases where a trusted site "goes to" another, not-trusted
site, and I get a warning message giving me the option to block or not-block
going to the not-trusted site. In the present case, I don't see any such
message, which is a bit puzzling.

Phil

 

[Robert Aldwinckle]

Robert, thanks for your reply.


I don't have any expertise in this type of code, but I see where you are
going. I've seen cases where a trusted site "goes to" another, not-trusted
site, and I get a warning message giving me the option to block or not-block
going to the not-trusted site. In the present case, I don't see any such
message, which is a bit puzzling.

Not really. If they only have the chance to issue one message
I would expect the more important message to be issued instead
of the less important one. E.g. otherwise they would have to prompt:
"trusted site refers to content from non-trusted site" and then:
"by the way, the untrusted site's content may not be allowed anyway".
E.g. they couldn't satisfy both prompts with only one, so they
create one with the effect of disabling both.

What happens if you try *enabling* (not prompting for) Active Scripting,
ActiveX Controls and Allow ActiveX controls in Scripts instead:
do you get the prompt about the non-trusted site then?


Good luck

Robert
---