[plt-scheme] IE Warnings

From: Eli Barzilay (eli at barzilay.org)
Date: Fri Jun 27 09:32:09 EDT 2008

On Jun 27, Yavuz Arkun wrote:
> OK, here is an alternative approach from the truly kludgy fringe, tested on XP:
> 1. Make sure Windows "file and printer sharing" is enabled.
> 2. Make the "doc" subfolder of the PLT install "shared" via right
> click/properties/sharing. Give it the share name "doc".
> 3. Access the documentation by typing "\\igor\doc\index.html" in the
> browser. (My host name is igor.) Everything seems to work without
> the warnings, etc. [...]

Yes, I'm aware of that solution.  It was suggested in the context of a
CDROM that shows some context using html with javascript.  One problem
is that it requires turning sharing for some directories, which is not
a good idea, and another is that there is no point where the
application can remove the sharing -- users can just quit drscheme,
but continue reading the docs.

> I think it would also work if you can add "file:/<your PLT Install
> folder>/doc" to trusted zone sites under IE security settings and
> uncheck the https box. I could not manage to find a way to make the
> dialog accept any variant of the string though.

That *would* be a good solution, but AFAICT, you cannot do that.  (I
think that it's fine to do that for the PLT directory -- after all,
you do trust PLT enough to run the installer.)

> BTW, I cannot follow the logic of the EI settings: does a file
> really become less dangerous if it is on a remote or local server
> rather than your own PC?

In theory, the Internet zone is more restricted as you expect.  But
the local zone lockdown is adding extra restrictions on local files in
a way that makes it more restricted in practice.  I can imagine this
happening as follows:

* Local files are obviously the most trusted, they can have javascript
  with filesystem access.

* Ooops, some people download html pages, and view them locally, which
  adds the potential of .html files with viruses.

* A good solution would be to remove the extra priviliges so that
  there's no FS access etc -- but MSs solution is to simply forbid any
  kind of javascript.

  [You have a loose window in your house that people can easily break
  through and steal your stuff?  Fixing the window is expensive?  Easy
  solution: move everything to the basement and live there.  Problem

          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                  http://www.barzilay.org/                 Maze is Life!

Posted on the users mailing list.