Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Safe ActiveX control

Posted on 2003-12-05
2
Medium Priority
?
1,106 Views
Last Modified: 2013-11-20
Hi!

How can I make my ActiveX control marked as safe? I want that the IE allow to run my ActiveX component.
0
Comment
Question by:czekmany
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Accepted Solution

by:
Roshan Davis earned 750 total points
ID: 9882197
I think "Digital Signing" is needed for that...

MSDN says

Digital Signing
==========

Code received via the Internet lacks shrink-wrapped packaging to vouch for its reliability, and users are understandably skeptical when they're asked to download it. A digital signature provides an opportunity for you to reassure them by effectively creating your stamp of approval that states that you created the component and that it will not damage their computer. It creates a path from the user to you, should your software harm their system. (Note that this does not ensure that a control is hazard-free, but it puts your name to your code. Thus, any hazardous software can be traced back to the author.) As a developer of professional Web sites, you want to provide that security to your users.

When you develop software for distribution over the Internet, you work with a third party known as a Certificate Authority (CA) to obtain a digital certificate, which will give users information about you. The CA provides and renews your certificate, authenticates your identity, and handles legal and liability issues for broken security. In addition, the CA typically provides the tools you need to digitally sign your components. Your digital certificate is included with all code you digitally sign and distribute over the Internet.

The default setting of Internet Explorer doesn’t allow software that is not digitally signed to be downloaded to the end user's machine. Thus, It is very important that you obtain a digital signature for software components you intend to distribute over the Internet.


Rosh :)
0
 

Expert Comment

by:DanicekO
ID: 10127604
Rosh:
I doubt this is right answer. There is "downloading" signed/unsigned code and there is running safe and unsafe ActiveX objects. There is also different setting for each cathegory in internet setting (check it out).
Your certificate will mark you software as signed, but not as safe.
There are two parts of this problem. ActiveX objects can be safe/unsafe for inicialization and safe/unsafe for scripting. Safe for inicialization means that your code can be safely inicialized. Safe for scripting means that your code is safe when used by others (your ActiveX can be used by others for their - not good - purposes).
I think this area is full of bugs and nonstandard decission/solutions. And I also believe that system decides if your ActiveX is safe and if it is safe for inicialization or/and for scripting. However there should be two ways how to indicate that your script is safe.
First is to use Component Categories Manager to create entries in system registry. You ActiveX is marked in registry tree with its ID. There should be two entries in this registry key (something like 7DD98501...) - one key for "safe for scripting" and one key for "safe for inicialization".
Second method is to implement IObjectSafety interface. If IE realize that you support this interface, it calls IObjectSafety::SetInterfaceSafetyOptions method to determine if your AciteX element is safe or not.
However this is extremly confusing area. And both method or just ways to try. I doubt there is way how to really force client to recognize your ActiveX as save.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I'll describe -- and show pictures of -- some of the significant additions that have been made available to programmers in the MFC Feature Pack for Visual C++ 2008.  These same feature are in the MFC libraries that come with Visual …
Introduction: Finishing the grid – keyboard support for arrow keys to manoeuvre, entering the numbers.  The PreTranslateMessage function is to be used to intercept and respond to keyboard events. Continuing from the fourth article about sudoku. …
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question