Solved

Client-side Executable from Server-side script

Posted on 1997-06-25
3
200 Views
Last Modified: 2013-12-25
I'm using Perl 5 on IIS 2.0 w/ NT 4.0 and am having trouble
getting my server-side CGI script to launch an executable
on the client system, that resides on the client system.
Can perl/cgi handle this ?  Is it a job for Java ?
0
Comment
Question by:ericzim
  • 2
3 Comments
 
LVL 2

Accepted Solution

by:
mkornell earned 100 total points
Comment Utility
This isn't an issue about Perl, CGI, but about security.

In general, having the server being able to start an executable on the client side is a huge security no-no.  Imagine if you went to my server, and clicked on a link which sent a file, any file, to your machine, then executed it.  I could destroy your hard drive before you could say "I love the Web!"

Netscape made big news last week when a bug was discovered in their browser which allowed something like this to happen.

Java is generally considered the answer if you must have the client end do some sophisticated processing.  (JavaScript or VBScript could also be considered for less sophisticated client-side tasks).  However, Java applets are limited in what kind of access they have to the client's hardware -- a Java applet cannot read from or write to the client's hard drive, for example.

HTH,--mark;
0
 

Author Comment

by:ericzim
Comment Utility
Thanks for the quick reply, Mark.
Yes, I could see the security risk you presented, but the
solution I'm looking for will be implemented on a tightly
controlled Intranet scenario, where mutiny by the server
should be a fairly low probability.

On the technical side, would the Applet HTML tag potentially
do the trick ??
0
 
LVL 2

Expert Comment

by:mkornell
Comment Utility
There's no way to bypass the built-in security precautions.

You could write a Java applet, and load that, if you can live with the limitations imposed on Java applets.

Other possibilities are to write ActiveX controls (if you're using IE) or Netscape-style plug-ins.  These do allow you to do anything you like on the client machine.

--mark;
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

SASS allows you to treat your CSS code in a more OOP way. Let's have a look on how you can structure your code in order for it to be easily maintained and reused.
In this article you will learn how to create a free basic website on Bitbucket, a git service provider. Polymer creates dynamic HTML components, which allow more flexibility than static HTML. This tutorial uses Ubuntu Linux but can also be done on W…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now