XML Client Security

MSXML 5.0 SDK

Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office - XML Developer's Guide

XML Client Security

This topic describes how you can use the Microsoft XML Core Services (MSXML) 5.0 for Microsoft Office and the security zones of Microsoft Internet Explorer 5.0 and later.

Accessing Data Across Domains

The security scheme for MSXML is based on Internet Explorer security zones and settings. The Access data sources across domains setting allows the user three options: Disable, Enable, or Prompt. The following are the four security zones and their defaults for the Access data sources across domains setting.

Internet
Disable
Local intranet
Prompt
Trusted
Enable
Restricted
Disable

If a user loads a page in the Local intranet zone that uses MSXML to access data from another site in the Local intranet zone, the user will be prompted that data is being accessed across domains.

Accessing Data Across Protocols

Access is denied if either of the following cross-protocol access is attempted:

  • https to http access
  • http to https access

Accessing Data Across Zones

Cross-zone access of data is permitted only in cases in which more trusted zones access data from less trusted zones. This allows intranet applications to access data on the intranet and Internet.

The following table describes which zones have access to other zones when the Access data sources across domains setting is set to Enable or Prompt.

  To Zone        
From Zone Local Internet Local Intranet Trusted Sites Restricted Sites
Local Access Granted Access Granted Access Granted Access Granted Access Denied
Internet Access Denied Access Granted Access Denied Access Denied Access Denied
Local Intranet Access Denied Access Granted Access Granted Access Denied Access Denied
Trusted Sites Access Denied Access Granted Access Granted Access Granted Access Denied
Restricted Sites Access Denied Access Denied Access Denied Access Denied Access Denied

Note   Although Local is not one of the four security zones, the parser treats files on the local computer as if they are in their own zone.