Solved

Safe ActiveX control

Posted on 2003-12-05
2
1,103 Views
Last Modified: 2013-11-20
Hi!

How can I make my ActiveX control marked as safe? I want that the IE allow to run my ActiveX component.
0
Comment
Question by:czekmany
2 Comments
 
LVL 23

Accepted Solution

by:
Roshan Davis earned 250 total points
ID: 9882197
I think "Digital Signing" is needed for that...

MSDN says

Digital Signing
==========

Code received via the Internet lacks shrink-wrapped packaging to vouch for its reliability, and users are understandably skeptical when they're asked to download it. A digital signature provides an opportunity for you to reassure them by effectively creating your stamp of approval that states that you created the component and that it will not damage their computer. It creates a path from the user to you, should your software harm their system. (Note that this does not ensure that a control is hazard-free, but it puts your name to your code. Thus, any hazardous software can be traced back to the author.) As a developer of professional Web sites, you want to provide that security to your users.

When you develop software for distribution over the Internet, you work with a third party known as a Certificate Authority (CA) to obtain a digital certificate, which will give users information about you. The CA provides and renews your certificate, authenticates your identity, and handles legal and liability issues for broken security. In addition, the CA typically provides the tools you need to digitally sign your components. Your digital certificate is included with all code you digitally sign and distribute over the Internet.

The default setting of Internet Explorer doesn’t allow software that is not digitally signed to be downloaded to the end user's machine. Thus, It is very important that you obtain a digital signature for software components you intend to distribute over the Internet.


Rosh :)
0
 

Expert Comment

by:DanicekO
ID: 10127604
Rosh:
I doubt this is right answer. There is "downloading" signed/unsigned code and there is running safe and unsafe ActiveX objects. There is also different setting for each cathegory in internet setting (check it out).
Your certificate will mark you software as signed, but not as safe.
There are two parts of this problem. ActiveX objects can be safe/unsafe for inicialization and safe/unsafe for scripting. Safe for inicialization means that your code can be safely inicialized. Safe for scripting means that your code is safe when used by others (your ActiveX can be used by others for their - not good - purposes).
I think this area is full of bugs and nonstandard decission/solutions. And I also believe that system decides if your ActiveX is safe and if it is safe for inicialization or/and for scripting. However there should be two ways how to indicate that your script is safe.
First is to use Component Categories Manager to create entries in system registry. You ActiveX is marked in registry tree with its ID. There should be two entries in this registry key (something like 7DD98501...) - one key for "safe for scripting" and one key for "safe for inicialization".
Second method is to implement IObjectSafety interface. If IE realize that you support this interface, it calls IObjectSafety::SetInterfaceSafetyOptions method to determine if your AciteX element is safe or not.
However this is extremly confusing area. And both method or just ways to try. I doubt there is way how to really force client to recognize your ActiveX as save.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ORA-01403: no data found 43 106
noX challenge 17 130
how to split multiple lines delimiter : 8 111
Google Analytics 5 63
If you use Adobe Reader X it is possible you can't open OLE PDF documents in the standard. The reason is the 'save box mode' in adobe reader X. Many people think the protected Mode of adobe reader x is only to stop the write access. But this fe…
In this article you will learn how to create a free basic website on Bitbucket, a git service provider. Polymer creates dynamic HTML components, which allow more flexibility than static HTML. This tutorial uses Ubuntu Linux but can also be done on W…
The purpose of this video is to demonstrate how to set up the WordPress backend so that each page automatically generates a Mailchimp signup form in the sidebar. This will be demonstrated using a Windows 8 PC. Tools Used are Photoshop, Awesome…
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question