The Dark Knight

My Rating: 

Average: 5 (1 vote)



A follow-up to the earlier Batman Begins.

All IE8 security settings


There are occasions when you have problems with Internet Explorer (IE) having problems with Javascript or plugins that at least partially stem from the browser's security level, for example it can cause Drupal's Ubercart e-commerce module to not let IE users to checkout (a bad thing). For those occasions, here are all of the IE8 security settings listed out in a single table in all their gory detail.

To see them go to the Tools browser menu, click on the Internet Options menu item and then the Security tab, then click Custom Level to see how each setting is adjusted based on the specific security level.

IE Security Settings
Setting Medium (default) Medium-High High
.NET Framework
Loose XAML: enable enable disable
XAML browser applications: enable enable disable
XPS documents: enable enable disable
ActiveX controls and plugins
Allow previously unused ActiveX controls to run without prompt: enable disable disable
Allow scriptlets: disable disable disable
Automatic prompting for ActiveX controls: disable disable disable
Binary and script behaviors: enable enable disable
Display video and animation on a webpage that does not use external media player: disable disable disable
Download signed ActiveX controls: prompt (recommended) prompt (recommended) disable
Download unsigned ActiveX controls: disable (recommended) disable (recommended) disable (recommended)
Initialize and script ActiveX controls not marked as safe for scripting: disable (recommended) disable (recommended) disable (recommended)
Only allow approved domains to use ActiveX without prompt disable enable enable
Run ActiveX controls and plug-ins: enable enable disable
Script ActiveX controls marked safe for scripting: enable enable disable
Automatic prompting for file downloads: disable disable disable
File download: enable enable disable
Font download: enable enable disable
Enable .NET framework setup
: enable enable disable
Access data sources across domains: disable disable disable
Allow META REFRESH: enable enable disable
Allow scripting of Microsoft web browser control: enable disable disable
Allow script-initiated windows without size or position contraints: disable disable disable
Allow webpages to use restricted protocols for active content: prompt prompt disable
Allow websites to open windows without address or status bars: enable disable disable
Display mixed content: prompt prompt prompt
Don't prompt for client certificate selection with no certificates or only one certificate exists: disable disable disable
Drag and drop or copy and paste files: enable enable prompt
Include local directory path when uploading files to a server: enable disable disable
Installation of desktop items: prompt (recommended) prompt (recommended) disable
Launching applications and unsafe files: prompt (recommended) prompt (recommended) disable
Launching programs and files in an IFRAME: prompt (recommended) prompt (recommended) disable
Navigate windows and frames across different domains: disable disable disable
Open files based on content, not file extension: enable enable disable
Submit non-encrypted for data: enable enable prompt
Use Pop-up Blocker: enable enable enable
Use SmartScreen Filter: enable enable enable
Userdata persistence: enable enable disable
Websites in less privileged web content zones can navigate into this zone: enable enable disable
Active scripting: enable enable disable
Allow Programmatic clipboard access: prompt prompt disable
Allow status bar updates via script: enable disable disable
Allow websites to prompt for information using scripted windows: enable disable disable
Enable XSS filter: enable enable enable
Scripting of Java applets: enable enable disable
User Authentication
Login: Automatic logon only in Intranet zone Automatic logon only in Intranet zone Prompt for user name and password

FYI these were obtained from a Windows XP SP3 virtual machine and may behave differently on different versions of Windows.

Synology NAS updates work better in Firefox than Safari


A small thing I noticed this morning is that Safari wasn't able to complete the DSM 3.0 update - after selecting the file and hitting the upload button it didn't proceed any further. Firefox 3.6, on the other hand, had no problem with the task and was only too happy to process the update. Oh, and the DSM 3.0 OS is gorgeous!

Bye bye Dreamhost & GoDaddy, hello HotDrupal, NameCheap & Google


After several hears calling Dreamhost the home for my website, I've moved the site to, a web hosting firm that specializes in Drupal hosting. So far, so good.

My main reasons for the move were:

  • Dreamhost throttled its web server to the point that my site was no longer able to run without throwing errors on 3/4 of logged-in pageviews, which caused rather horrid problems including causing most of the pages to stop work & menus disappear.
  • Dreamhost had no intention of changing this as it is part of their business plan - throttled, limited hosting at discounted rates.
  • While I could have gotten a VPS (virtual private server, kind of like a full server sliced into more manageable pieces) and had more, I didn't want to spend that much nor did I want to have to manage the server itself.

I'd like to say that I've never really had any problems with Dreamhost themselves, they've been very reliable over the past few years, it was just simply that with my site stopped being able to work I had to move elsewhere.

HotDrupal has been really good over the past few days while I got my account set up. They don't offer the earth, like some, instead they offer specialized yet flexible hosting and cover all of the basic needs if you don't specifically need to host a Drupal site.

I also took the opportunity to move the domain registration away from GoDaddy to NameCheap (affiliate link), a company that doesn't need to promote its services with scantily clad female racecar drivers. I've previously moved other domains to NameCheap and this was final one. Again, so far I like their services - lots of features for decent rates and they don't waste your time with tons of obstructive & annoying sales pitches on what felt every single page load like GoDaddy does.

Lastly, I've moved the domain's email hosting to Google Apps, just so that I could separate email from the website hosting, which will give me more flexibility to move it around as necessary, and avoid filling up my disk quota with my gb's of IMAP email.

I'll let you know how it goes.

Thanks to Dave Reid for the NameCheap recommendation.


Subscribe to Front page feed