Scott Hanselman

Security in MSXML4 and 80072efd

September 29, 2006 Comment on this post [1] Posted in
Sponsored By

Old news, but it matters to some. If you're using MSXML4 and you get this while doing a POST:

msxml4.dll error '80072efd'
A connection with the server could not be established

It might be because of the tightened security around MSXML 4.0 SP2.

The docs say:

"Security in the implementation of the MSXML 4.0 SP2 ServerXmlHttp object has been enhanced to check the Internet Explorer security policy setting for submitting non-encrypted form data. A security policy setting of "Disable" or "Prompt" for the "Submit nonencrypted form data" option will result in an "Access Denied" error message when attempting to post form data using the ServerXmlHttp object. This is a change that can potentially break existing code that uses earlier versions of the ServerXmlHttp object (such as prior released versions of both MSXML 3.0 and MSXML 4.0) to post form data when the Internet Explorer security policy setting for submitting non-encrypted form data is not enabled."

This might happen if you have an existing application running on, say, Windows 2000, then you upgrade the machine to Window 2003 and get the new MSXML "for free." Remember - know the application stack, the whole stack if you can. The OS is part of the stack, and in this case, XML is too.

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Hosting By
Hosted in an Azure App Service
September 29, 2006 6:35
Ah yes, I've been bitten by this as well. I now have a .reg file to override this new behavior as part of my install.

Comments are closed.

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.