Re: Active X problems was Re: It's COBOL, Jim, but not as we know it...

Arnold Trembley wrote:
Pete Dashwood wrote:
(snip)
After re-reading the above, I thought it might help to provide an
example. Anyone who has MicroSoft Office and/or MS Access installed on
their
system can run the following demo.

Hmmm, I have MS Office pre-installed on my Lenovo PC, but I have never
used it, in order to avoid activating it and paying the license.


Here are 16 lines of standard HTML code. It represents a web page
that has an ActiveX component embedded in it:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html xmlns="http://www.w3.org/1999/xhtml";>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1" /> <title>Show a Windows ActiveX component
</title> </head>
<body>
Here's an ActiveX component embedded in a Web Page... Could you
write this functionality in 16 lines of code?
<p>
<OBJECT
CLASSID="clsid:8E27C92B-1264-101C-8A2F-040224009C02"
WIDTH=300 HEIGHT=200 BORDER=1 HSPACE=5 ID=objDemo>
</OBJECT>
</p>
</body>
</html>


You should be able to cut and paste this code into Notepad and save
it as an HTML file (name it anything .htm or .html)

Double click on it and it will run, if your Browser has been set to
allow ActiveX controls to run. (medium or low security, for IE).

The actual display depends on how your system is configured, but it
is worth looking at.

It works in Firefox provided you have the IE Tab add-in installed.

(Get the Firefox add in here: http://ietab.mozdev.org/ )

In my Firefox it simply displays the two-line prompt. So I pasted the
local file URL into MSIE and it popped up a security warning. I had
to explicitly allow the ActiveX control to run. I guess that means my
security settings are very cautious.

It displayed a pretty calendar, with controls to let me select a
different month or year, from January 1900 to December 2100. Nice. And
No, I could not write that functionality in 16 lines of code.

Thanks for the link to IE Tab in Firefox. I'm not sure if I will
install it, but it's nice to know there are options.


Having run the HTML code above (including the embedded ActiveX
object, which lives on your system and was not downloaded from the
Web), and found that the world didn't end, why not try the
String2Num component for validating numeric strings?

I think one of the problems with Activex is that for many users
(including me) it is difficult to tell if a new control is being
silently downloaded and installed. Sure, I've tried looking at
windows "internet options" and custom security settings, but it's not
always clear what effects they have.

On the other hand, if I were building windows code, or simply
installing an application, I would not have any reservations about
accepting and ActiveX component Pete Dashwood offered.


OK, here's the link:
http://primacomputing.co.nz/cobdata/security.aspx?SourcePage=x&request=S2N

Full details are in the original post to this thread. It is a COBOL
component.

If enough people download it, I'll post the source code publicly. At
the moment 12 people have downloaded it; I'd like to see 20... : - )

Pete.

With kindest regards,

Thanks Arnold, your post made my day : - ) It is good to see people trying
stuff for themselves instead of just accepting what they read in the papers.

Don't worry about components being silently downloaded; that can't happen if
you have a security level other than "low" in place, as you saw.

What CAN happen is that a component which purports to be doing something,
may actually be doing something else as well or instead...

BUT, this is the same risk you take with anything. A program you actually
install COULD be doing something you don't know about (and quite a few of
them are... things like checking for updates and "calling home" which you
weren't aware of when you installed them.)

I realise that people will consider my opinion biased (which it certainly
is... : - )) so here's somethng I found which was written by some people I
don't know and have no connection with:

http://www.netpanel.com/articles/internet/actx-sec.htm

That was written 11 years ago; ActiveX security has been improved out of
sight since then.

Pete.
--
"I used to write COBOL...now I can do anything."


.

Relevant Pages

  • Re: Internet Explorer [WILDPACKET]
    ... How about this setting that was covered in the Windows XP Security ... Use the Group Policy Object Editor to configure the proper Administrative ... Explorer\Security Features\Restrict ActiveX Install ...
    (microsoft.public.windows.group_policy)
  • Re: ActiveX Problem
    ... I have the same problem and it happened in the middle of windows ... install, then I get a failure notice: ... You may have other software installed that is blocking ActiveX content. ... > so certain ActiveX controls will not run, and you've hit one of those ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • Re: ActiveX Self register
    ... For security reasons, inspite of the object safety interfaces, you will ... SafeForScripting and SafeForInitialization (simply 2 keys in the ... when IE promts to Install it. ... I want to install it or not.I click install but the ActiveX is not ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Internet Explorer [WILDPACKET]
    ... I found the link below which may help though there is not a Group Policy ... >>> How about this setting that was covered in the Windows XP Security ... >>> Security Features\Restrict ActiveX Install ...
    (microsoft.public.windows.group_policy)
  • Cant use websites with ActiveX
    ... some websites must install an ActiveX. ... But my damn computer (WinME, ... Some sites say that my security say that I'm not allowing to install ...
    (microsoft.public.windows.inetexplorer.ie6.browser)