Downloading scripts from the Web or e-mail leaves users vulnerable to security risks because scripts can't be signed. But now developers can use Windows Script Host (WSH) to hash scripts so users can verify their source and safety. With WSH, scripts can be signed or verified using all the same tools ordinarily used to sign EXE, CAB, DLL, and OCX files. This article discusses public-key cryptosystems, the process of signing and verifying scripts in WSH, and several warnings about attacks that could potentially be made against cryptographically secured scripts and ways in which to avoid them.

Eric Lippert

<a href="http://msdn.microsoft.com/magazine/7f9e31dd-e25a-4163-b211-ca1133ed6695">MSDN Magazine April 2001