If you manage a Web site that uses ActiveX controls, file downloads,
pop-up windows or the Microsoft Java Virtual Machine (MSJVM), chances are
you will need to tweak your code to deal with the new security features in
Windows XP Service Pack 2 (SP2).
As part of preparations for the final release of the service pack,
Microsoft is again urging Web developers to closely
examine the XP changes and make the necessary code modifications to
minimize disruptions.
The software giant released a document, titled How to Make Your Web Site Work with Windows XP
Service Pack 2, that spells out the code tweaks needed to deal with
SP2.
For instance, Web sites using ActiveX controls will run into problems
because of the changes made to the Internet Explorer (IE) browser to block
those controls in some cases. Microsoft recommends that site owners make
sure that all ActiveX controls distributed through a Web site are signed
and have up-to-date signatures.
“These signatures must be on the .cab files
as well as the .dll files. If these are not signed with valid signatures,
Internet Explorer will block them from installing,” Microsoft warned in the report.
For sites that automatically redirect a page based on whether an ActiveX
control was instantiated, Microsoft recommends the placement of a span
within object tags detailing that the page could not load.
“If your site
does not do this, the user will be moved to the new page after the
Information Bar blocks your control, and will not be given a chance to
install the control.”
For sites that initiate file downloads that are not initiated by the
user, Microsoft said XP SP2 will block those downloads or display a
dialog box asking for user initiation. The company is urging Web site owners
to make all downloads the result of user-initiated action.
The company said Web sites that contain file types with
mismatched Content-Type and/or file extension must be corrected.
“Both the
Content-Type and the file extension must match the type of the file for a
download prompt to appear. Be sure this is true for your Web pages as well.
If the Content-Type is plain/text, then they will not render as HTML,” the company explained.
Because SP2 has been fitted with a default pop-up
blocker, Microsoft said sites that use the window.createPopup()
method will encounter disruptions.
For Web sites that depend on the Microsoft Java Virtual Machine (MSJVM),
the company is recommending that developers review their code to deal with
changes in the service pack. Microsoft also released tutorials for
the required code changes.
Earlier this year, Microsoft warned that SP2 will break and
disrupt existing applications unless specific code rewrites are made at
the developer end.
Windows XP SP2 will make significant changes to deal with increased
network protection, memory protection, improved e-mail security and enhanced
browsing security; but these changes will lead to major disruption unless
developers tweak their applications.
Enterprise developers are urged to pay attention to the changes in
network protection. Specifically, Windows Firewall, the RPC Interface and
DCOM Security enhancements have been modified in SP2.
The XP overhaul will be issued as a “critical”
update when it is released to manufacturers in July.
