Solved

Parameter passing

Posted on 1997-04-03
6
619 Views
Last Modified: 2013-11-18
I'm building a testing/training application in HTML, to be displayed using MSIE.  All the files are local (i.e., I'm using MSIE/HTML as my engine, but nothing's actually going across the net).  I need to call a testing app from my HTML, and pass it a parameter.  Calling the app is easy, using
HREF = "c:\\......tester.exe".  

However, I can't find a way to pass the app a command line parameter.  I've tried HREF = "...tester.exe?parameter" and HREF = "...tester.exe parameter" to no avail.

tester.exe is a small Visual C++ app.  Calling it from the Win95 run command with a parameter (e.g.  tester.exe  parameter)  works fine.

Thanks for your help.

I'm giving this 100 points, although I suspect that it is either very easy, or fairly difficult.
0
Comment
Question by:guillebeau
  • 3
  • 2
6 Comments
 
LVL 1

Expert Comment

by:pprikryl
ID: 1835986
Calling an .exe from within a browser (using an HTML document) is really strange. This is probably MSIE specific and it is probably related to serious bugs inside MSIE that create security problems. You may use it locally for a while but you should not build any serious application this way. You should think about a different solution because:
1) "c:\\...something.exe" is not valid URL, therefore also your document cannot be valid (validated).
2) Microsoft will probably try to remove security holes in MSIE in future and your application may stop to work, because it is highly probable that they will remove the feature you want to use.
3) The HTML 3.2 standard was released in January and it is highly probable that next versions of clients will try to follow the standard because it defines many common features of the "de facto" HTML standards created by Microsoft, Netscape, and by others. The 3.2 will does not allow things like those you try to use. Nor the previous standards did.

To summarize: you may be a successfull hacker for the near future, but you may be wasting energy for later future as the solution may stop to work.

Petr
0
 

Author Comment

by:guillebeau
ID: 1835987
This answer offers me no help, and is wrong on several technical
points.

Accessing an .exe from a local web page may be strange, but it is not MSIE specific.  Both MSIE and Netscape allow access to
a local file, which is handled by your helper app. An example is an .avi file, which kicks off whatever version of avi viewer your system (Win95, in my case) has configured.

If referencing an .exe from within my HTML is poor form or dangerous, I'd like a suggestion on how best to approach this.  My fundamental problem is that I want to display info using HTML with MSIE, then execute an app to perform a test and report back.  Getting the info back to the user is easy (the app constructs an HTML page and passes it back), but I need a simple way to pass small bits of info from the HTML to the app.

If this is a more difficult problem than I anticipated, I will be happy to increase the points, if another expert feels this is warranted.

Thanks for looking at this.
0
 
LVL 1

Expert Comment

by:pprikryl
ID: 1835988
OK, now both we know our positions better than before. I am going to suggest you the solution. But firstly, I want to make clear the things from my previous answer and your comment.

1) If you can type <a href="c:\\some\\path\\pgm.exe">click here</a> (exactly this way) and if the browser launched the program then something is VERY WRONG because you could offer the user the document with a link like: <a href="c:\\windows\\command\\format.com?c:">click here and don't worry</a> (or you can use similar dangerous system program) -- THIS means the security hole. I almost never read the source of a document to check what will happen when I click a link. Nobody does. Because of this, the browser must ensure that it is NOT POSSIBLE to do such things.

2) Launching the exe and accessing a local document is a completely different story. HTML defines protocol for accessing a local file: <a href="file://c|/path/to/the/somefile.ext">click</a> where the "file:" is written literally and it defines that the protocol for accessing the local document should be used. Notice that the colon after "c" is replaced by bar, because the colon char is used for other purposes in valid URLs.

3) The difference from launching an .exe and .avi is that runnig the exe means to launch independent application which cannot be further controled by the browser. To launch avi means that the BROWSER starts to interpret the avi. This do not start whatever viewer but some specific extension of the browser. If you look into Help - About Netscape..., you can find there "Contains QuickTime(TM} plug-in software developed by Apple Computer, Inc." -- this is the extension for interpreting avi (probably something similar is used in MSIE). In other words, plug-in is a well designed extension of the browser (from the security point of view) that do ensure that nothing wrong will happen with the system. The same way the Java interpreter is built in.

The point 3) is the answer to your question "how should I do it". If you want to be correct and if you do not have a WWW server, you have to write your own plug-in that will replace the functionality of the CGI script which would run on WWW server. The difference is that the CGI is bound to the server while the plug-in is bound to the client. If your program can do only secure things then it is a correct solution. But you have to INSTALL the plug-in to all browsers before it is used for your application. The instalation of the plug-in is the action when the user accepts the possibility that his/her browser capabilities were extended by presumably secure piece of software. However, the plug-in cannot be secure when it allows you to execute whatever program (then you still can do things like "format.com").

I am not an expert in writing plug-ins (this was not a question), but I assume that it may be more difficult than to run a WWW server and write a CGI script, because you must write the plug-in for more browsers and possibly for more platforms while the problems with security in CGI and plug-ins are comparable.
  I positively know that it is possible to write a plug-it which works with both MSIE and Netscape (for example Xara's plug-in for displaying vector images inside your document is freely available at http://www.xara.com/corelxara/plugin.html and they say it works with both browsers).
  I still think that running a WWW server on one old computer in your LAN will bring you fewer problems. Then you can solve the problem using CGI scripts -- you can find many information about how to write them.
  Another (standard) solution is to build the application that has nothing to do with an HTML browser.

See you, Petr
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:guillebeau
ID: 1835989
Petr,

Thanks for your comments, but I don't think we're making much progress here.  Perhaps I haven't been clear with my question.  
My application will not run on a network of any kind.  It will be on a laptop computer that a soldier will take to the field to work on equipment.  This will give him an interactive training manual, with builtin testing applications.  I'm using HTML/MSIE because of their ability to display graphics, video, hyperlinks, etc, and their well-known user interfaces.

At this point, I know I can execute the .exe from either MSIE or Netscape.  The question is, how can I pass that exe a parameter?


The actual line that Claris Home Page generates when I tell it to build a link to a file is as follows:

<P><A HREF="/C:/SEDMlrs/boom/tester/Release/tester.exe">
test<A></P>

This works.  I understand your objections, but MSIE gives me a message box labelled Authenticode Security Technology, warning me that the application has not been authenticated, and asks if I want to continue.  Netscape does much the same thing, unless I register the exe file with it.  BTW, when I changed the above line to HREF= "file://c|... at your suggestion, it had no effect in MSIE, and refused to do anything in Netscape.

Thanks for trying,  but I'm not interested in continueing to argue with you about whether I can do what I'm already doing.  Please let someone else take a shot at this.  
0
 
LVL 5

Accepted Solution

by:
Christian_Wenz earned 100 total points
ID: 1835990
Hi,

I try to look at the problem from  another angle:
I assume you know the parameter that has to be added to the command line.
How about writing an _easy_ plugin? Give the EXE another extension, let's say .ABC; then, define a viewer for that kind of application, and may it be a simple program that does the following:

1) renaming NAME.ABC to NAME.EXE
2) executing NAME.EXE PARAMETER


May this help you?

  Christian
0
 

Author Comment

by:guillebeau
ID: 1835991
Thanks,  Christian.
Your advice solved my problem.

Mike Guillebeau
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
Before we dive into the marketing strategies involved with creating an effective homepage, it’s crucial that EE members know what a homepage is. In essence, a homepage is the introductory, or default page, of a website that typically highlights the …
In this tutorial viewers will learn how add a scalable full-width header using CSS3. Create a new HTML document with an internal stylesheet. Set a tiled background.:  Create a new div and name it Header. Position it with position:absolute at the top…
In this tutorial viewers will learn how to position overlapping items using z-index in CSS. They will also learn the restrictions on the z-index property.  Create a new HTML document with an internal stylesheet.: Create a div in CSS and name it Red.…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now