Solved

A RAD Tool to Develop Web Applications Like VB or Delphi.

Posted on 1998-10-18
7
496 Views
Last Modified: 2008-03-06
 I am now building a RAD tool somewhat like VB and Delphi to develop web applications running under IE4.0 ,but I come into some questions,can you help me?
  Here is a most headachy problem: I create a ActiveX Control using VC++ 6.0 for my RAD tool,but when I run it in IE4.0,it always pop up a secure warning dialog box.My question is how to let this dialog box not appearing?
  A second question is whether or not Navigator support ActiveX Control?
  I am waiting for you answer,and maybe I can offer you something about my RAD Tool which is named 'KCOM Space'.
  Thank you!
0
Comment
Question by:linyf
  • 4
  • 3
7 Comments
 
LVL 10

Expert Comment

by:MasseyM
Comment Utility
1) Are you running the ActiveX through a server or is it coming right off the HD?  Please expound a little more on this component of the question..

2) Netscape will not support ActiveX unlesss it has a plugin from NCompass installed... You can go to Netscape and search for the plugin...
0
 

Author Comment

by:linyf
Comment Utility
Thank you, and here is a detail description about my question:

I create an ActiveX Control,and Embed it in HTML like this:

<object classid="clsid:FF930C3E-1699-11D2-98BE-BC50531C9362" width="700" height="412">
 <param name="_Version" value="1.0">
 <param name="_StockProps" value="0">
 <param name="KCOMPageURL" value="C:\hkbs\docs\tb.HKB">
</object>
The Control run in Client site,
and every time I browse it in IE4.0 ,IE first pop up a Secure Warning DialogBox,and say that the control maybe unsecure,and ask whether or not permit initialization and script access.
Having this Messaging box, my ActiveX Control seems unsecure to my user,so I am amxious to know what is wrong with it?
My Control is written using VC++ 6.0 .
By the way, when I use my Control without params like this:
<object classid="clsid:FF930C3E-1699-11D2-98BE-BC50531C9362" width="700" height="412">
</object>
there is no Secure Warning Messaging Box.But because I have to
pass some parameters,so using the control like this is unacceptable.
Can you help me?
0
 
LVL 10

Expert Comment

by:MasseyM
Comment Utility
Just to answer a quesiton of my own, what happens if you dont use your "KCOMPageURL" parameter?  I have a feeling that the reference to the local HD is what is causing the problem.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:linyf
Comment Utility
Thank you ,But when I use the Control without KCOMPageURL parameter,the problem still exist,only when use it without any parameter,can it run properly,why?
Can you mail me ? My email address is linyf@bhm.com.cn .
0
 
LVL 10

Expert Comment

by:MasseyM
Comment Utility
From Microsoft:  

HOWTO: Mark MFC Controls Safe for Scripting/Initialization
Last reviewed: October 8, 1998
Article ID: Q161873
 
--------------------------------------------------------------------------------

The information in this article applies to:
Microsoft Visual C++, 32-bit Edition, version 4.2, 5.0, 6.0
Microsoft Internet Client Software Development Kit (SDK) version 4.0, 4.01
Microsoft Internet Explorer (Programming) version 4.0, 4.01


SUMMARY
By default, MFC ActiveX controls are not marked as Safe for Scripting and/or Safe for Initialization. This becomes apparent when the control is run in the Internet Explorer with the security level set to medium or high. In either of these modes, warnings may be displayed that the control's data is not safe or that the control may not be safe for scripts to use.

There are two methods that a control can use to eliminate these errors. The first involves the control implementing the IObjectSafety interface and is useful for controls that would like to change their behavior and become "safe" if run in the context of an Internet Browser. The second involves modifying the control's DllRegisterServer function to mark the control "safe" in the registry. This article covers the second of these methods. The first method, implementing the IObjectSafety interface, is covered in the Internet Client SDK.

Please keep in mind that a control should only be marked as safe if it is, in fact, safe. Please refer to the Internet Client SDK documentation for a description of this. See "Safe Initialization and Scripting for ActiveX Controls" under the Component Development Section.

NOTE: This article does not cover how to mark a control safe for downloading. For more information on code download and code signing, please refer to the Internet Client SDK.



MORE INFORMATION
Follow these steps to mark your MFC ActiveX Control as Safe for Scripting and Safe for Initializing:


Implement the CreateComponentCategory and RegisterCLSIDInCategory helper functions by adding the following cathelp.h and cathelp.cpp files to your project.


      CATHELP.H
      =========
      #include "comcat.h"


      // Helper function to create a component category and associated
      // description
      HRESULT CreateComponentCategory(CATID catid, WCHAR* catDescription);


      // Helper function to register a CLSID as belonging to a component
      // category
      HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid);


      CATHELP.CPP
      ===========
      #include "comcat.h"


      // Helper function to create a component category and associated
      // description
      HRESULT CreateComponentCategory(CATID catid, WCHAR* catDescription)
      {
         ICatRegister* pcr = NULL ;
         HRESULT hr = S_OK ;

         hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,
                               NULL,
                               CLSCTX_INPROC_SERVER,
                               IID_ICatRegister,
                               (void**)&pcr);
         if (FAILED(hr))
            return hr;

         // Make sure the HKCR\Component Categories\{..catid...}
         // key is registered
         CATEGORYINFO catinfo;
         catinfo.catid = catid;
         catinfo.lcid = 0x0409 ; // english

         // Make sure the provided description is not too long.
         // Only copy the first 127 characters if it is
         int len = wcslen(catDescription);
         if (len>127)
            len = 127;
         wcsncpy(catinfo.szDescription, catDescription, len);
         // Make sure the description is null terminated
         catinfo.szDescription[len] = '\0';

         hr = pcr->RegisterCategories(1, &catinfo);
         pcr->Release();

         return hr;
      }

      // Helper function to register a CLSID as belonging to a component
      // category
      HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid)
      {
         // Register your component categories information.
         ICatRegister* pcr = NULL ;
         HRESULT hr = S_OK ;
         hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,
                               NULL,
                               CLSCTX_INPROC_SERVER,
                               IID_ICatRegister,
                               (void**)&pcr);
         if (SUCCEEDED(hr))
         {
            // Register this category as being "implemented" by
            // the class.
            CATID rgcatid[1] ;
            rgcatid[0] = catid;
            hr = pcr->RegisterClassImplCategories(clsid, 1, rgcatid);
         }

         if (pcr != NULL)
            pcr->Release();

         return hr;
      }


Modify the DllRegisterServer to mark the control as safe.Locate the implementation of DllRegisterServer in a .cpp file in yourproject. You will need to add several things to this .cpp file. Includethe file that implements CreateComponentCategory and RegisterCLSIDInCategory:


      #include "CatHelp.h"
Define the GUID associated with the safety component categories:


      const CATID CATID_SafeForScripting     =
      {0x7dd95801,0x9882,0x11cf,{0x9f,0xa9,0x00,0xaa,0x00,0x6c,0x42,0xc4}};
      const CATID CATID_SafeForInitializing  =
      {0x7dd95802,0x9882,0x11cf,{0x9f,0xa9,0x00,0xaa,0x00,0x6c,0x42,0xc4}};

   Define the GUID associated with your control. For simplicity, you can
   borrow the GUID from the IMPLEMENT_OLECREATE_EX macro in the main .cpp
   file for the control. Adjust the format slightly so that it looks like
   the following:

      const GUID CDECL BASED_CODE _ctlid =
      { 0x43bd9e45, 0x328f, 0x11d0,
              { 0xa6, 0xb9, 0x0, 0xaa, 0x0, 0xa7, 0xf, 0xc2 } };

   To mark your control as both Safe for Scripting and Initialization,
   modify the DllRegisterServer function as follows:

      STDAPI DllRegisterServer(void)
      {
          AFX_MANAGE_STATE(_afxModuleAddrThis);

          if (!AfxOleRegisterTypeLib(AfxGetInstanceHandle(), _tlid))
              return ResultFromScode(SELFREG_E_TYPELIB);

          if (!COleObjectFactoryEx::UpdateRegistryAll(TRUE))
              return ResultFromScode(SELFREG_E_CLASS);

          if (FAILED( CreateComponentCategory(
                  CATID_SafeForScripting,
                  L"Controls that are safely scriptable") ))
                return ResultFromScode(SELFREG_E_CLASS);

          if (FAILED( CreateComponentCategory(
                  CATID_SafeForInitializing,
                  L"Controls safely initializable from persistent data") ))
                return ResultFromScode(SELFREG_E_CLASS);

          if (FAILED( RegisterCLSIDInCategory(
                  _ctlid, CATID_SafeForScripting) ))
                return ResultFromScode(SELFREG_E_CLASS);

          if (FAILED( RegisterCLSIDInCategory(
                  _ctlid, CATID_SafeForInitializing) ))
                return ResultFromScode(SELFREG_E_CLASS);

          return NOERROR;
      }

You would not normally modify the DllUnregisterServer function for these two reasons:
You would not want to remove a component category because other controls may be using it.
Although there is an UnRegisterCLSIDInCategory function defined, by default DllUnregisterServer removes the control's entry from the registry entirely. Therefore, removing the category from the control's registration is of little use.

After compiling and registering your control, you should find the following entries in the registry:

   HKEY_CLASSES_ROOT\Component
   Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

   HKEY_CLASSES_ROOT\Component
   Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

   HKEY_CLASSES_ROOT\CLSID\{"your controls GUID"}\Implemented
   Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

   HKEY_CLASSES_ROOT\CLSID\{"your controls GUID"}\Implemented
   Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

REFERENCES
Internet Client SDK - Component Development - Safe Initialization and Scripting for ActiveX Controls

 


         
Did this information help answer your question?
 
    Yes     No     Didn't apply
   
Please comment.
Comment can be up to 255 characters.
 
 
 



--------------------------------------------------------------------------------
Additional query words: safety scripting persistence initialization
Keywords : AXSDKControls MfcOLE InetSDKSafeControl kbvc600 kbvc500 kbvc420 kbMFC kbole kbfasttip
Technology : kbole kbmfc
Version : Winnt:4.2,5.0,6.0
Platform : winnt
Issue type : kbhowto


THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.  

Last reviewed: October 8, 1998
) 1998 Microsoft Corporation. All rights reserved. Terms of Use.


0
 

Author Comment

by:linyf
Comment Utility
Thank you very much!
That answer is just what I want. Thank you again!
0
 
LVL 10

Accepted Solution

by:
MasseyM earned 50 total points
Comment Utility
Here is the post of the answer.  P.S. Can I preview your program?  email me at masseym@hotmail.com
Thanks.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Due to recent concerns over the inevitable depletion of the current pool of IPv4 addresses and the desire to provide additional functionality for modern devices, an upgrade to IPv6 on my Internet connection was needed for me to explore the world of …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Google currently has a new report that is in beta and coming soon to Webmaster Tool accounts. This Micro Tutorial will highlight new features for Google Webmaster Tools.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now