Click to return to the XML (Extensible Markup Language) home page    
Using XML on the Server     XML Data Islands     XML Developer's Guide    
Web Workshop  |  XML (Extensible Markup Language)

XML Security Developer's Guide


This document describes how you can use the security zones and XML parser of Microsoft® Internet Explorer 5 together. The following topics are discussed:

Accessing Data Across Domains

The security scheme for the Internet Explorer 5 XML parser is based on the Internet Explorer security zones and the settings within each zone. The relevant setting in terms of the parser is the "Access data sources across domains" setting. This setting allows the user three options: Disable, Enable, or Prompt. The user can choose a different setting for each of the four security zones: Internet, Local intranet, Trusted sites, and Restricted sites. The default settings for the "Access data sources across domains" setting are Internet/Disable, Local intranet/Prompt, Trusted sites/Enable, and Restricted sites/Disable. This means that if the user loads a page in the Intranet zone that uses the XML parser to access data from another site (but still in the Local intranet zone), the user will be prompted and informed that data is being accessed across domains.

Accessing Data Across Protocols

In addition to the zone checking described above, there are also certain restrictions on cross-protocol access of data. The only cross-protocol access that is disallowed is http to http access and http to https access. In all cases, access will be denied if either of these two restrictions occurs.

Accessing Data Across Zones

Cross-zone access of data is allowed only in cases where more trusted zones are accessing data from less trusted zones. This allows intranet applications to access data on the intranet and on the Internet. The following table describes which zones have access to which other zones when the "Access data sources across domains" setting is set to Enable or Prompt (although Local isn't an official zone, the parser treats files on the local computer as if they are in their own zone).

Originating zone
Destination Zone
LOCALINTERNETLOCAL INTRANETTRUSTED SITESRESTRICTED SITES
LOCALAccess GrantedAccess GrantedAccess GrantedAccess GrantedAccess Denied
INTERNETAccess DeniedAccess GrantedAccess DeniedAccess DeniedAccess Denied
LOCAL INTRANETAccess DeniedAccess GrantedAccess GrantedAccess DeniedAccess Denied
TRUSTED SITESAccess DeniedAccess DeniedAccess DeniedAccess GrantedAccess Denied
RESTRICTED SITESAccess DeniedAccess DeniedAccess DeniedAccess DeniedAccess Denied


Back to topBack to top

Did you find this topic useful? Suggestions for other topics? Write us!

© 1999 Microsoft Corporation. All rights reserved. Terms of use.