?
Solved

Call activeX dll from webpage.

Posted on 2005-03-09
5
Medium Priority
?
364 Views
Last Modified: 2008-03-10
What I currently have is a VB program on a CD that copys an ActiveX dll to the users computer and registers it using regsvr32.  Then my program is launching a html page that exist on the CD.  From this page I want to be able to call functions in my dll without getting this message "An ActiveX control on this page might be unsafe to interact with other parts of the page.  Do you want to allow this interaction?"  Is there anything I can do so that this message will not appear.  I read something about Iobject safefty but to be honest I didn't understand it.  When I created my dll I used all of the defaults to do so.  
0
Comment
Question by:jstreb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
5 Comments
 
LVL 9

Expert Comment

by:rcarlan
ID: 13511192
You need to mark the ActiveX control as being safe and also sign it.

Marking of an ActiveX control as being safe is simply a promise the developer makes to the user. There are guidelines on MSDN regarding what makes an ActiveX 'safe'. In a nutshell, a safe ActiveX control will not perform malicious acts on a client PC regardless of how it is scripted in the container. A clear example of an unsafe ActiveX control is one that exposes a method to delete a file, where the file path is provided as a parameter. Although the web page you design might not call this method passing in a sensitive file as a parameter, once the ActiveX is installed on a client machine (by your application) somebody else can script the same ActiveX on a different web page and call this method with a critical O/S file as a parameter. Of course there are many examples - they mainly revolve around accessing and changing local resource on the client machine (e.g. files, Registry, etc).

Signing an ActiveX control guarantees the integrity of the delivered package - i.e. the fact that what gets downloaded and installed on the client machine is exactly the same (unmodified) binary that was produced by the original developer. It's a seal, if you want, that tells the user that the packaging was performed by somebody they can trust and nobody tampered with it in transition from the developer to their machine. You need to acquire a security certificate for this from a trusted authority (e.g. VeriSign).

A good article about marking and signing ActiveX controls is this one on MSDN:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaxctrl/html/msdn_signmark.asp

0
 

Author Comment

by:jstreb
ID: 13520107
I actually found an article that answered my question.  
http://support.microsoft.com/kb/q182598/

I can run the function call without prompting the user or having it signed because i am installing the dll from cd.  If a user implements the IobjectSafety interface then a webpage will not prompt the user for the activeX.
0
 
LVL 9

Expert Comment

by:rcarlan
ID: 13520834
Implementing IObjectSafety is indeed one way of marking the ActiveX as being safe.
0
 
LVL 1

Accepted Solution

by:
DarthMod earned 0 total points
ID: 13773341
Submitted to PAQ with points refunded (250)

DarthMod
Community Support Moderator
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn different types of Android Layout and some basics of an Android App.
What do responsible coders do? They don't take detrimental shortcuts. They do take reasonable security precautions, create important automation, implement sufficient logging, fix things they break, and care about users.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…
Progress

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question