• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 375
  • Last Modified:

Call activeX dll from webpage.

What I currently have is a VB program on a CD that copys an ActiveX dll to the users computer and registers it using regsvr32.  Then my program is launching a html page that exist on the CD.  From this page I want to be able to call functions in my dll without getting this message "An ActiveX control on this page might be unsafe to interact with other parts of the page.  Do you want to allow this interaction?"  Is there anything I can do so that this message will not appear.  I read something about Iobject safefty but to be honest I didn't understand it.  When I created my dll I used all of the defaults to do so.  
  • 2
1 Solution
You need to mark the ActiveX control as being safe and also sign it.

Marking of an ActiveX control as being safe is simply a promise the developer makes to the user. There are guidelines on MSDN regarding what makes an ActiveX 'safe'. In a nutshell, a safe ActiveX control will not perform malicious acts on a client PC regardless of how it is scripted in the container. A clear example of an unsafe ActiveX control is one that exposes a method to delete a file, where the file path is provided as a parameter. Although the web page you design might not call this method passing in a sensitive file as a parameter, once the ActiveX is installed on a client machine (by your application) somebody else can script the same ActiveX on a different web page and call this method with a critical O/S file as a parameter. Of course there are many examples - they mainly revolve around accessing and changing local resource on the client machine (e.g. files, Registry, etc).

Signing an ActiveX control guarantees the integrity of the delivered package - i.e. the fact that what gets downloaded and installed on the client machine is exactly the same (unmodified) binary that was produced by the original developer. It's a seal, if you want, that tells the user that the packaging was performed by somebody they can trust and nobody tampered with it in transition from the developer to their machine. You need to acquire a security certificate for this from a trusted authority (e.g. VeriSign).

A good article about marking and signing ActiveX controls is this one on MSDN:

jstrebAuthor Commented:
I actually found an article that answered my question.  

I can run the function call without prompting the user or having it signed because i am installing the dll from cd.  If a user implements the IobjectSafety interface then a webpage will not prompt the user for the activeX.
Implementing IObjectSafety is indeed one way of marking the ActiveX as being safe.
Submitted to PAQ with points refunded (250)

Community Support Moderator

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now