Solved

detecting activex security settings "script activex controls marked safe for scripting"

Posted on 2004-03-23
7
498 Views
Last Modified: 2007-12-19
I need to detec if "script activex controls marked safe for scripting" is enabled or not.

I found this but it does not test specifically enough becuase I assume shell is not marked safe for scripting :) I am assuming that if I run the same code but trying to instantiate an object marked safe for scripting then I'll have what I am looking for.  The solution is an IE only solution so does anyone know:

a) a better way to test for this?
b) an object marked safe for scripting that should be installed on all/most Windoze installs

on error resume next
set oShell = CreateObject("Shell.Application")
set oFolder = oShell.NameSpace("NUL:\")
if err.number <> 0 then
    document.write "Unable to use CreateObject"
else
    document.write "Able to use CreateObject"
end if


Thanks
0
Comment
Question by:chisholmd
7 Comments
 
LVL 33

Expert Comment

by:sajuks
ID: 10664471
Security reasons dont allow you to check for such properties.
0
 
LVL 33

Expert Comment

by:sajuks
ID: 10664577
// An alernative ethat you can provide to the user...try...catch

<script>
function detectSetting() {
objNet = new ActiveXObject("WScript.Network")
return objNet.ComputerName + " - " + objNet.UserName
}
try {
 document.write(detectSetting())
}
catch(e) {
 if (confirm("Please DO say yes, try again?")) location.reload()
}
</script>
0
 
LVL 3

Expert Comment

by:xp_commander
ID: 10664588
I don't quiet agree to that. When you developing user friendly apps , at times it makes more sense to know clients environment setting, at times just for trouble shooting related purpose, etc.  As long as you not violating the user's security or writing a malicious code, its nothing wrong detecting browser settings.

You need to write an applet , or just buy a ready made product. Check this out , if it interests you :-
http://www.cyscape.com/showbrow.asp?bhcp=1
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 7

Author Comment

by:chisholmd
ID: 10664655
Thanks sajuks, I'll try that. Although I am not sure if WScript.Network is considered "safe for scripting"

The snippet I posted references something that is not marked safe for scripting, so if they allow "safe" but disallow "unsafe" it will just show me "can't create object" even if safe is turned on.   Hopefully Wscript is marked safe because then I'll be able to dicern the difference.

As a note to the pupose; this is part of a subscription app that uses an HTML editing control. If they want to use the app they have to allow "safe for scripting objects"   Right now if they don't allow safe objects they get an ugly error. I want to detect first and provide them a message with how to enable it.

Windows update requires safe activex to be enabled, as does embedded media players etc etc, so I don't think I am asking for unsafe settings so much.

I'll try it now

0
 
LVL 7

Author Comment

by:chisholmd
ID: 10664747
Ya as I though wscript is definitly not marked safe for scripting.

ya see I have an extensive list of detection scripts for my app to detect the presense of various media players, shockwav, etc.   But in those cases I am testing to see if they have one of them installed or not.

In this case I need to test for an object that i am very confident is already installed. wscript is a good candidate in that regard. However I need one that is marked safe for scripting, wscript is definitly not marked safe.

Unfortunetly I don't have the source code license to the 3rd party js I am useing "ActiveEdit" from cfdev.com.  On the server side it creates their object, which has a method that writes the js, so I can't go and add a try around that portion of their code which would be the easiest.

<time passes>

Well I found my answer, If most windows machines have the ado library installed then using the adodb.connnection object works fine. It is marked safe for scripting, so when I try and create it, it will suceed if safe is enabled and fail if it isn't.

Cheers
dave
0
 

Accepted Solution

by:
PashaMod earned 0 total points
ID: 11007184
PAQed, with points refunded (250)

PashaMod
Community Support Moderator
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Avoid defining the variables in the global scope; trying to define them in a local function scope. Because:   • Look-up is performed every time a variable is accessed.   • Variables are resolved backwards from most specific to least specific scope…
The task A number given should be formatted for easy reading by separating digits into triads. Format must be made inline via JavaScript, i.e., frameworks / functions are not welcome. So let’s take a number like this “12345678.91¿ and format i…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now