XMLHTTP and Norton Internet Security

[WhenAmIOn.com]

Hi all,

I developed a web site that uses javascript and XMLHTTP to dynamically load
info on the page from the server without having to re-load the page.
Recently I've received complaints of it not working, and the common thread
is that these users have Norton Internet Security installed (sorry, don't
know the version, but let's assume the latest). I don't have NIS. Can anyone
give me clear instructions as to how a user can change his/her NIS settings
so that a certain site may be trusted or so that users can use sites that
utilize the XMLHTTP object? Even when they shut off NIS, it still won't
allow access until they actually set it for manual start-up and then restart
their computer. TIA

-Monty

 

[Mark Schupp]

You are probably having an issue with the personal firewall software
blocking outgoing network requests (this is what it is supposed to do). It
has a lot of configuration settings. My installation, for example, warns me
each time a new program is attempting to access the network and gives me the
option to allow access or block it.

If you have a link to a public site I'll have a look at what message I get
from NIS. Depending on your audience however, you will probably have to
change your approach as Curt_C mentioned.

 

[Monty]

Thanks Curt, but I have to disagree. XMLHTTP is not a security hole per se,
it is a tool. Like any technology that connects to the internet, it has it's
inherent risks, but that doesn't necessarily make it a "security hole" any
more than Firefox or Telnet (well, ok, maybe a little more than Telnet). If
NIS were to block access to Outlook citing the fact that many viruses come
from email, and I wanted to send an email to a person using NIS, would you
recommend that I "rethink" my method and just call 'em on the phone instead
of sending an email? I don't think so (or, at least I hope not). Hasn't more
malicious damage been done through email viruses than XMLHTTP?

I will grant you that from an ease-of-use perspective it would certainly be
easier for them if I re-wrote my architecture, but that is not feasible at
this time. But hypothetically, if I ~did~ re-write my architecture using
another perfectly valid tool and NIS later decides that that tool is bad
too, what would you recommend then? Do you recommend I re-write a third
time? Where does it stop?

Sorry, hope this doesn't sound testy, I'm just frustrated with this
situation. I look forward to your response...

 

[Monty]

Thanks Curt, I think we'll have to agree to disagree. The browser and the
XMLHTTP object both work perfectly well together for me at what they're
designed to do, it's only when NIS gets involved that we reaffirm the truism
"three's a crowd".

This app is written in ASP.net, so that's why I chose this one. Sorry for
this stupid question, but could you recommend by name a better newsgroup for
this? The only client-side specific one I could find was in Danish, and I'm
a little rusty.

 

[Monty]

Whoops, found some groups. Thanks.