This is Interesting: Free Magazines for Graphics designers and webmasters
Home > Archive > Webmaster forum > February 2007 > Run an executable on visitor's machine?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Run an executable on visitor's machine?
|
|
| Ed Jay 2007-02-25, 6:16 pm |
| Is there a technique that will allow a visited web page command to run an
executable on the visitor's computer *with* the visitor's prior permission?
What I'm trying to do is run a small application that snaps the image of
part of the visitor's screen and saves the image to a folder on the
visitor's machine when the visitor clicks a button.
Visitor's machine has javascript enabled and PERL is available to do
whatever is necessary.
--
Ed Jay (remove 'M' to respond by email)
| |
| TexasLover 2007-02-25, 6:16 pm |
| On Sun, 25 Feb 2007 09:33:43 -0800, Ed Jay <edMbj@aes-intl.com> wrote:
>
>What I'm trying to do is run a small application that snaps the image of
>part of the visitor's screen and saves the image to a folder on the
>visitor's machine when the visitor clicks a button.
ActiveX does that.
| |
| traderonline 2007-02-26, 2:16 am |
| quote:
Originally posted by Ed Jay
Is there a technique that will allow a visited web page command to run an
executable on the visitor's computer *with* the visitor's prior permission?
What I'm trying to do is run a small application that snaps the image of
part of the visitor's screen and saves the image to a folder on the
visitor's machine when the visitor clicks a button.
Visitor's machine has javascript enabled and PERL is available to do
whatever is necessary.
--
Ed Jay (remove 'M' to respond by email)
Active x is the solution. but it wont support browsers like firefox. running an executable is not recommended and most of the spyware scanners used to block them as malware. | |
| SpaceGirl 2007-02-26, 6:19 pm |
| On Feb 25, 5:33 pm, Ed Jay <e...@aes-intl.com> wrote:
> Is there a technique that will allow a visited web page command to run an
> executable on the visitor's computer *with* the visitor's prior permission?
>
> What I'm trying to do is run a small application that snaps the image of
> part of the visitor's screen and saves the image to a folder on the
> visitor's machine when the visitor clicks a button.
>
> Visitor's machine has javascript enabled and PERL is available to do
> whatever is necessary.
>
> --
> Ed Jay (remove 'M' to respond by email)
I hope this is only on an Intranet. Imagine if you could do that
anywhere? Visit some ranom spoofed address and have it run
"format.exe" or something :) I can think of a 100 security reasons to
why you should never want to do this...
| |
| Ed Jay 2007-02-26, 6:19 pm |
| SpaceGirl scribed:
>On Feb 25, 5:33 pm, Ed Jay <e...@aes-intl.com> wrote:
>
>I hope this is only on an Intranet. Imagine if you could do that
>anywhere? Visit some ranom spoofed address and have it run
>"format.exe" or something :) I can think of a 100 security reasons to
>why you should never want to do this...
Perhaps I didn't adequately underscore "*with* the visitor's prior
permission."
--
Ed Jay (remove 'M' to respond by email)
| |
| Scott Bryce 2007-02-26, 6:19 pm |
| Ed Jay wrote:
> Perhaps I didn't adequately underscore "*with* the visitor's prior
> permission."
How is the browser going to know that it is OK with the user? And if my
kid is using my computer, how is the browser going to know that it isn't
OK with me, even if it is OK with my kid?
I don't think you can really know whether you have the user's permission.
| |
| Dylan Parry 2007-02-26, 6:19 pm |
| Ed Jay wrote:
> Is there a technique that will allow a visited web page command to run an
> executable on the visitor's computer *with* the visitor's prior permission?
Could you maybe use Java? I'm pretty sure that there are methods in Java
that will allow you to create screen shots, although whether they'd work
from an Applet, I don't know.
--
Dylan Parry
http://electricfreedom.org | http://webpageworkshop.co.uk
The opinions stated above are not necessarily representative of
those of my cats. All opinions expressed are entirely your own.
| |
| Brian Cryer 2007-02-26, 6:19 pm |
|
"Ed Jay" <edMbj@aes-intl.com> wrote in message
news:35t5u29r4l9fpgjgl2bb9cur1l3ep3b87g@4ax.com...
> SpaceGirl scribed:
>
>
> Perhaps I didn't adequately underscore "*with* the visitor's prior
> permission."
Answer: simply link to an executable and tell the user to download it, run
it and ignore all the warnings that they get. Give one exe per operating
system that you support.
SpaceGirl's point is a good one. The only time I ever run something I've
downloaded is when I went out looking for a specific application. Otherwise,
its never a good idea to let anything run. There is just too much dangerous
stuff out there for me to ever let active-x controls or executables run. If
your visitors trust you then let them download an exe.
--
Brian Cryer
www.cryer.co.uk/brian
| |
| SpaceGirl 2007-02-26, 6:19 pm |
| On Feb 26, 2:56 pm, Ed Jay <e...@aes-intl.com> wrote:
> SpaceGirl scribed:
>
>
>
>
>
>
>
>
> Perhaps I didn't adequately underscore "*with* the visitor's prior
> permission."
>
> --
> Ed Jay (remove 'M' to respond by email)
I'd still suggest that this is a Really Bad Idea. You really should
find another way of doing it. Anything that enourages a user to run
a .exe from a web page is asking for all kinds of trouble.
Couple of other things to keep in mind:
1) ActiveX may offer a solution, but only for Windows, and then only
for IE on Windows. What about the other 20% of users who are not using
Windows or are not using IE?
2) Again with Java... applets require an extremely large download (the
JVM) and then to be enabled. Recent surveys suggest fewer and fewer
people actually have Java enabled by default these days (not to be
confused with JavaScript, which is something else).
3) You're asking your visitor to trust you... are you trust worthy? I
don't mean this in a funny way; I mean if you visited a web site
yourself and it asked you for permissions to run a Program from your
harddrive, all kinds of alarm bells should be ringing -- especially if
you are a Windows user.
Keep everything inside the browser sandbox; if you need do something
more sophisticated (which does not really need access to the local
file system), do it in Flash (the Flash 9 VM is super-nice and
ultrafast... and not to mention tiny, and installed on 70% of users
machines). If you really must, use Java; but be prepared for a large
number of users to have it disabled or not installed.
| |
| Andrew Thompson 2007-02-26, 6:19 pm |
| On Feb 27, 2:33 am, Dylan Parry <use...@dylanparry.com> wrote:
> Ed Jay wrote:
>
> Could you maybe use Java? I'm pretty sure that there are methods in Java
> that will allow you to create screen shots,
Yes, java.awt.Robot provides screen capture ability.
>..although whether they'd work
> from anApplet, I don't know.
As long as the applet has 'full trust', yes.
This could also be achieved from an application
launched using Java web start (e.g. from a link
in a web page). That would also need to request
(and be granted, by the user) extended permissions,
in order to do a screen capture.
Andrew T.
| |
| Ed Jay 2007-02-26, 6:19 pm |
| SpaceGirl scribed:
>On Feb 26, 2:56 pm, Ed Jay <e...@aes-intl.com> wrote:
>
>I'd still suggest that this is a Really Bad Idea. You really should
>find another way of doing it. Anything that enourages a user to run
>a .exe from a web page is asking for all kinds of trouble.
>
>Couple of other things to keep in mind:
>
>1) ActiveX may offer a solution, but only for Windows, and then only
>for IE on Windows. What about the other 20% of users who are not using
>Windows or are not using IE?
>
>2) Again with Java... applets require an extremely large download (the
>JVM) and then to be enabled. Recent surveys suggest fewer and fewer
>people actually have Java enabled by default these days (not to be
>confused with JavaScript, which is something else).
>
>3) You're asking your visitor to trust you... are you trust worthy? I
>don't mean this in a funny way; I mean if you visited a web site
>yourself and it asked you for permissions to run a Program from your
>harddrive, all kinds of alarm bells should be ringing -- especially if
>you are a Windows user.
>
>Keep everything inside the browser sandbox; if you need do something
>more sophisticated (which does not really need access to the local
>file system), do it in Flash (the Flash 9 VM is super-nice and
>ultrafast... and not to mention tiny, and installed on 70% of users
>machines). If you really must, use Java; but be prepared for a large
>number of users to have it disabled or not installed.
>
I fully appreciate what you've asserted; however, the concern is not
applicable in my situation. Mine is a web-based application accessible only
to subscribers (medical professionals). They perform a diagnostic test in
their offices that generates images on their screens. They need to submit
the screen image to a service for evaluation/interpretation of the
individual test images. I want the user to click on a page button to take
the snapshot. I'm trying to eliminate as much potential error as
possible...did I mention the users are medical professionals? ;-)
I don't want the user to have to install an ActiveX control. Think security
liabilities.
I'm headed toward supplying each of my users with a pre configured copy of
Opera, as it allows me to launch a local executable with a custom toolbar
button.
Thank you, and thanks to all others for their input.
--
Ed Jay (remove 'M' to respond by email)
|
|
|
| | Copyright 2003 - 2008 forum4designers.com Software forum Computer Hardware reviews |
|