Security Considerations: Windows Image Acquisition Automation Layer
This document provides information about security considerations related to the Windows Image Acquisition (WIA) Automation Layer. This document does not provide all you need to know about security issues; instead, use it as a starting point and reference for this technology area.
- Controls Are Not Safe for Scripting
- Configure Security Settings for ASP Access
- Administrator Permission
- Place Registered Applications in Secure Locations
- Do Not Use Underlying Directories or Registry Keys
- Related Topics
Controls Are Not Safe for Scripting
The WIA Automation Layer is not marked safe for scripting. Therefore, proper functionality depends on your security settings.
Configure Security Settings for ASP Access
Administrator Permission
To function successfully, the RegisterPersistentEvent and UnregisterPersistentEvent methods require Administrator permission. For an example that uses these methods, see Implement a Windows Script Host Script that Runs Automatically in Shared Samples.
Place Registered Applications in Secure Locations
When an application is registered to receive a device event, that application can be run by any user with access to that device. For example, if an application is registered for a scan event, pressing the scan button on a scanner causes that application to run. If the application runs with a higher privilege than the user has, there is a potential security issue.
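One way to check that a registered application sits in a secure location, as an added example that is not part of the original documentation. It assumes "secure" means that only SYSTEM, Administrators and TrustedInstaller can modify the program or its folder; the function name Test-WiaHandlerLocation and the path you pass in are hypothetical.

```powershell
# Added example: audit the ACLs of an executable registered for a WIA device event.
# Test-WiaHandlerLocation is a hypothetical name; pass the path you registered.
function Test-WiaHandlerLocation {
    param(
        [Parameter(Mandatory)] [string] $AppPath
    )

    $fsr = [System.Security.AccessControl.FileSystemRights]
    # Rights that let a principal replace or alter the registered program,
    # plus the raw GENERIC_WRITE / GENERIC_ALL bits seen on inherit-only ACEs.
    $writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
                       $fsr::DeleteSubdirectoriesAndFiles -bor
                       $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor
                 0x40000000 -bor 0x10000000

    # Well-known SIDs treated as trusted (assumption of this example):
    # SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller.
    $trusted = @(
        'S-1-5-18',
        'S-1-5-32-544',
        'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    )

    $resolved = (Resolve-Path -LiteralPath $AppPath).ProviderPath
    # Check the file and its parent folder: write access to the folder
    # is enough to swap the file for another program.
    $targets = @($resolved, (Split-Path -Path $resolved -Parent))

    foreach ($target in $targets) {
        $acl   = Get-Acl -LiteralPath $target
        $rules = $acl.GetAccessRules($true, $true,
                    [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            # Emit one finding per ACE that grants modify-type access.
            [pscustomobject]@{
                Path     = $target
                Identity = $ace.IdentityReference.Value
                Rights   = $ace.FileSystemRights
            }
        }
    }
}
```

Each object returned names a principal outside the trusted set that can modify the program or its folder; an empty result means no such access entry was found.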
Do Not Use Underlying Directories or Registry Keys
Windows Image Acquisition (WIA) uses several directories and registry keys internally to store data or information. Do not access these directories or registry keys directly. Instead, use the exposed methods to specify directories for acquired images.
Related Topics
- Getting Started with Samples
- Microsoft Security
- MSDN Library Security Home Page
- Security How-To Resources
- TechNet Security Resources
- Security Considerations for Windows XP Embedded Developers
- Best Practices for the Security APIs