RealTime IT News

XP SP2: Do's & Don'ts For Web Sites

If you manage a Web site that uses ActiveX controls, file downloads, pop-up windows or the Microsoft Java Virtual Machine (MSJVM), chances are you will need to tweak your code to deal with the new security features in Windows XP Service Pack 2 (SP2).

As part of preparations for the final release of the service pack, Microsoft is again urging Web developers to closely examine the XP changes and make the necessary code modifications to minimize disruptions.

The software giant released a document, titled How to Make Your Web Site Work with Windows XP Service Pack 2, that spells out the code tweaks needed to deal with SP2.

For instance, Web sites using ActiveX controls will run into problems because of the changes made to the Internet Explorer (IE) browser to block those controls in some cases. Microsoft recommends that site owners make sure that all ActiveX controls distributed through a Web site are signed and have up-to-date signatures.

"These signatures must be on the .cab files as well as the .dll files. If these are not signed with valid signatures, Internet Explorer will block them from installing," Microsoft warned in the report.

For sites that automatically redirect a page based on whether an ActiveX control was instantiated, Microsoft recommends the placement of a span within object tags detailing that the page could not load.

"If your site does not do this, the user will be moved to the new page after the Information Bar blocks your control, and will not be given a chance to install the control."

For sites that initiate file downloads that are not initiated by the user, Microsoft said XP SP2 will block those downloads or display a dialog box asking for user initiation. The company is urging Web site owners to make all downloads the result of user-initiated action.

The company said Web sites that contain file types with mismatched Content-Type and/or file extension must be corrected.

"Both the Content-Type and the file extension must match the type of the file for a download prompt to appear. Be sure this is true for your Web pages as well. If the Content-Type is plain/text, then they will not render as HTML," the company explained.

Because SP2 has been fitted with a default pop-up blocker, Microsoft said sites that use the window.createPopup() method will encounter disruptions.

For Web sites that depend on the Microsoft Java Virtual Machine (MSJVM), the company is recommending that developers review their code to deal with changes in the service pack. Microsoft also released tutorials for the required code changes.

Earlier this year, Microsoft warned that SP2 will break and disrupt existing applications unless specific code rewrites are made at the developer end.

Windows XP SP2 will make significant changes to deal with increased network protection, memory protection, improved e-mail security and enhanced browsing security; but these changes will lead to major disruption unless developers tweak their applications.

Enterprise developers are urged to pay attention to the changes in network protection. Specifically, Windows Firewall, the RPC Interface and DCOM Security enhancements have been modified in SP2.

The XP overhaul will be issued as a "critical" update when it is released to manufacturers in July.