Deploying Smart Documents from a Web Server [Office 2003 SDK Documentation]

  • Article

When you deploy a smart document from a Web server, Microsoft® Windows® provides an additional layer of security. In Microsoft Internet Explorer versions 5.0, 5.5, and 6.0, these are referred to as trusted sites. Microsoft Office System applications use these security settings for smart documents that are stored on a Web server. Therefore, if you plan to deploy smart document solutions from a Web server, you should understand how Internet Explorer manages these security settings.

Note  The Microsoft Office 2003 Editions Trusted Sources list is separate from the trusted sites list that Internet Explorer uses for determining whether to run Microsoft ActiveX® controls. However, these two lists share the same root certificate authority trust mechanism, so you can manage distribution of root certificates for Internet Explorer and Office System applications with the same tools.

Internet Explorer Security

When a user opens a smart document with an attached XML expansion pack that is located on a Web server, Microsoft Office Word 2003 first checks to see whether the Web server is located within an intranet zone or is on the Internet Explorer list of trusted sites.

Trusted Sites

If a smart document is located on a Web server that is within an intranet zone or is on the Internet Explorer list of trusted sites, the host application retrieves the XML expansion pack and performs the standard XML expansion pack security check, as described in Security for XML Expansion Packs.

Untrusted Sites

If a smart document is located on a Web server that is neither within an intranet zone nor on the Internet Explorer list of trusted sites, Office 2003 won't retrieve the attached XML expansion pack. Additionally, Office 2003 won't prompt users to add the site to the Internet Explorer list of trusted sites.

Note  New to Office 2003 Service Pack (SP) 1 is the ability to deploy expansion packs over the internet using servers that are not added to the Internet Explorer list of trusted sites. For more information, see Manifest Files and XML Expansion Packs on a Server. However, even with Office 2003 SP1 installed, Office 2003 never retrieves an XML Expansion Pack that is located on a site in Internet Explorer's restricted sites list.

Reference

For more information about Internet Explorer security, see the "Microsoft Internet Explorer 6 Resource Kit" from Microsoft Press.