Shell Security


PM: Loren Kohnfelder (LorenK)
Dev: Bryan Starbuck (Bryanst)
Test: Doug Dobbins (DougDob)


1. CIFS Security Checks


CIFs is a standard Microsoft supports to expand UNC support across the internet by using DNS names. It's possible to open a Shell Folder to \\www.mycompany.com\share\subdir1\. The Zones Status Bar is the primary way the user is informed about where they are and whether they should trust the contents of this folder. We do zone checks on actions if the list of files is hosted by HTML because the host HTML can mislead the user into launching items.


DefView (the window containing the list of File System items) can be hosted in the following situations:

What if the zone check fails?


CIFS Specs



FTP Tests