Solved

Safe ActiveX control

Posted on 2003-12-05
2
1,100 Views
Last Modified: 2013-11-20
Hi!

How can I make my ActiveX control marked as safe? I want that the IE allow to run my ActiveX component.
0
Comment
Question by:czekmany
2 Comments
 
LVL 23

Accepted Solution

by:
Roshan Davis earned 250 total points
ID: 9882197
I think "Digital Signing" is needed for that...

MSDN says

Digital Signing
==========

Code received via the Internet lacks shrink-wrapped packaging to vouch for its reliability, and users are understandably skeptical when they're asked to download it. A digital signature provides an opportunity for you to reassure them by effectively creating your stamp of approval that states that you created the component and that it will not damage their computer. It creates a path from the user to you, should your software harm their system. (Note that this does not ensure that a control is hazard-free, but it puts your name to your code. Thus, any hazardous software can be traced back to the author.) As a developer of professional Web sites, you want to provide that security to your users.

When you develop software for distribution over the Internet, you work with a third party known as a Certificate Authority (CA) to obtain a digital certificate, which will give users information about you. The CA provides and renews your certificate, authenticates your identity, and handles legal and liability issues for broken security. In addition, the CA typically provides the tools you need to digitally sign your components. Your digital certificate is included with all code you digitally sign and distribute over the Internet.

The default setting of Internet Explorer doesn’t allow software that is not digitally signed to be downloaded to the end user's machine. Thus, It is very important that you obtain a digital signature for software components you intend to distribute over the Internet.


Rosh :)
0
 

Expert Comment

by:DanicekO
ID: 10127604
Rosh:
I doubt this is right answer. There is "downloading" signed/unsigned code and there is running safe and unsafe ActiveX objects. There is also different setting for each cathegory in internet setting (check it out).
Your certificate will mark you software as signed, but not as safe.
There are two parts of this problem. ActiveX objects can be safe/unsafe for inicialization and safe/unsafe for scripting. Safe for inicialization means that your code can be safely inicialized. Safe for scripting means that your code is safe when used by others (your ActiveX can be used by others for their - not good - purposes).
I think this area is full of bugs and nonstandard decission/solutions. And I also believe that system decides if your ActiveX is safe and if it is safe for inicialization or/and for scripting. However there should be two ways how to indicate that your script is safe.
First is to use Component Categories Manager to create entries in system registry. You ActiveX is marked in registry tree with its ID. There should be two entries in this registry key (something like 7DD98501...) - one key for "safe for scripting" and one key for "safe for inicialization".
Second method is to implement IObjectSafety interface. If IE realize that you support this interface, it calls IObjectSafety::SetInterfaceSafetyOptions method to determine if your AciteX element is safe or not.
However this is extremly confusing area. And both method or just ways to try. I doubt there is way how to really force client to recognize your ActiveX as save.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Introduction: Finishing the grid – keyboard support for arrow keys to manoeuvre, entering the numbers.  The PreTranslateMessage function is to be used to intercept and respond to keyboard events. Continuing from the fourth article about sudoku. …
Introduction: The undo support, implementing a stack. Continuing from the eigth article about sudoku.   We need a mechanism to keep track of the digits entered so as to implement an undo mechanism.  This should be a ‘Last In First Out’ collec…
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now