Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

MDAC 2.8 security problem using Data Access Pages.

Posted on 2007-11-15
12
Medium Priority
?
342 Views
Last Modified: 2013-11-27
I've created some web pages that display infomation about orders. The page and the database are hosted on a Windows 2000 server running IIS 5.0. When the page is loaded from a any computer you immediatley get error messages and you have to download Microsoft Office web components. After installing the Web Components the page is loaded and it displays an error suggesting you add the site to your trusted list in the Internet Options/Security Tab. After this is done then we get the message "This web site uses a data provider that may be unsafe. If you trust the website, click OK, otherwise click cancel". After many days searching the google I find that this is as good as it gets. The code that triggers this warning is hardwired into the MDAC 2.8 and above.

Is there a way to have the web page close the warning box? I realize that this may not be accepted on a security level of thinking, but this is an internal website developed in house and the only people getting on it are employees.

I'm thinking that the page will load and a script will start to loop. The only way out of the loop is for the window to lose focus (when the warning comes up). This event will trigger a Function that reads the message in the warning box and IF it matches the above warning text THEN close the window, ELSE do nothing.

Thanks for Your Help.
nukewarm
0
Comment
Question by:nukewarm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
12 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 20294250
Hi, have you tried just adding the Intranet site address to your Trusted Sites list?

Regards,

Rob.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20294257
Oh, didn't read the whole question....ignore that....
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20294301
Although, within your Trusted Sites zone, click Custom Level and check what the "Access data sources across domains" level is...

Regards,

Rob.
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:nukewarm
ID: 20294606
What if there are thousands of computers with users of varying, mostly low, capabilities? Plus, this is all done in workgroups.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20294624
Oh, in a workgroup environment?  If you were using a domain, I was going to say that this can be pushed out by Group Policy......perhaps in a workgroup you'd have to run a script to push this out....but it would probably have to modify the registry of each user....

But first, has it worked the way the you want in one computer (using a user account with normal priviliges)?

Regards,

Rob.
0
 

Author Comment

by:nukewarm
ID: 20294629
Your profile says you would know if there is a way to do this programmatikly. Is there? I'm thinking not. THere is probably to much red tape between a web page script and the M$ code.
0
 

Author Comment

by:nukewarm
ID: 20294644
? I'm not sure about the privledged user idea. I created a DAPuseraccount on the webserver and all of the database files and the actual .htm access page are set to the correct privledges. For some reason I'm locked out of my own network at work. I'll first kick the IT guy in the knee and then give it a shot tomorrow.
THanks
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20294651
There should be a way to do it programatically....I'd have to check the relevante registry settings, but first we'd need a way to know what we've changed to get it to work.

Then, how do you normally go about deploying something to all users in your workgroup environment?

Regards,

Rob.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20294662
Ha ha!  Fair enough....hopefully when you get back in we can check some things.

Also, by the normal user, I meant just to the local workstation, because setting the security of the Trusted Sites zone has nothing to do with any one particular web page, and what it runs under....I think all I'm trying to do at the stage is get the control to work on the workstation.....

Regards,

Rob.
0
 

Author Comment

by:nukewarm
ID: 20300026
The workstation gets the same warning as all the other computers if I type in http://localhost/data_access_page.htm. Changing the Internet Explorer setting "Access Data Sources Across domains" to enable eliminates the warning on the workstation and the clients that I've tried it on. So that works I just have to roll it out.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 20308878
OK, cool. So if the warning no longer appears with that setting enabled, you should be able to add this line to your login script that will change the required registry value:

REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings /v 1406 /t REG_DWORD /d 1 /f

for a batch file, or for a VBS file

Set objShell = CreateObject("WScript.Shell")
objShell.Run "REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings /v 1406 /t REG_DWORD /d 1 /f", 0, True

and see if that sets the setting first.  I would run that separately on a machine first, then add it to your login script.

Regards,

Rob.
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 1000 total points
ID: 20308885
Oh, whoops....the registry path is wrong, it should be the following:
REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 /v 1406 /t REG_DWORD /d 1 /f

That information has come from here:
Description of Internet Explorer security zones registry entries
http://support.microsoft.com/kb/182569

Regards,

Rob.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you need a simple but flexible process for maintaining an audit trail of who created, edited, or deleted data from a table, or multiple tables, and you can do all of your work from within a form, this simple Audit Log will work for you.
This article shows how to get a list of available printers for display in a drop-down list, and then to use the selected printer to print an Access report or a Word document filled with Access data, using different syntax as needed for working with …
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question