Date Published: March 2000
Author(s)
Wayne Jansen (NIST), Tom Karygiannis (NIST)
In this bulletin, the term “active content” is used in its broadest sense to refer to electronic documents that are able to automatically carry out or trigger actions without the intervention of a user. Examples of active content include PostScript documents, Java applets, JavaScript, word processing and spreadsheet macros, and executable electronic mail attachments. The purpose of this bulletin is to provide an overview of this technology so that the reader is better informed about the associated security risks and can make more informed IT security decisions. The bulletin provides real-world examples involving commonly available products and development tools as a way of increasing the understanding and awareness of the potential risks involved. A glossary of relevant terms and links to useful online references are also included at the end of this publication.
In this bulletin, the term “active content” is used in its broadest sense to refer to electronic documents that are able to automatically carry out or trigger actions without the intervention of a user. Examples of active content include PostScript documents, Java applets, JavaScript, word...
See full abstract
In this bulletin, the term “active content” is used in its broadest sense to refer to electronic documents that are able to automatically carry out or trigger actions without the intervention of a user. Examples of active content include PostScript documents, Java applets, JavaScript, word processing and spreadsheet macros, and executable electronic mail attachments. The purpose of this bulletin is to provide an overview of this technology so that the reader is better informed about the associated security risks and can make more informed IT security decisions. The bulletin provides real-world examples involving commonly available products and development tools as a way of increasing the understanding and awareness of the potential risks involved. A glossary of relevant terms and links to useful online references are also included at the end of this publication.
Hide full abstract
Keywords
active content; computer system security; information systems security; Java; JavaScript; macros; PostScript; risk management; security threats; security vulnerabilities
Control Families
None selected