This keeps the ?¬?le dialog box isolated from the
main CardSpace UI because it has extensibility hooks that make
it unsafe to open on the private desktop. These hooks could
otherwise introduce a path for malicious code to execute on the
private desktop. As an experiment, when CardSpace opens a ?¬?le
dialog, try pressing the Windows key. You??™ll see the Start menu
pop-up, a sure indicator that you are not on the private desktop.
Disabling CardSpace
Although the CardSpace private desktop raises the security bar,
it does introduce a couple of concerns. One of those concerns is
giving a website the capability to cause a desktop switch on the
user??™s computer. This can be a major pain if the site calls
CardSpace in a loop, effectively rendering the user??™s computer
unusable. The Disable Windows CardSpace option is the escape
hatch. This causes a different error code to be returned to
Internet Explorer, which will redirect the user to a safe page.
This page is a local resource ?¬?le located at res://icardie.dll/
safe_page.html. If you have Internet Explorer 7 and type this in
the address bar, you will see the safe page, which is also shown
in Figure 3-13.
In case of a badly
behaved application,
CardSpace
can be disabled
207
After the disable option is used, CardSpace will not be able to
be called from that instance of Internet Explorer.
Pages:
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330