Solved

talking to installed programs from javascript

Posted on 2013-12-05
Last Modified: 2013-12-11
Hi Experts,

I know that browsers in general do their best to prevent you from talking to anything else on your system with javascript.  But let's say you have a native application already installed on a user's machine.  You can make a localhost call to that application to communicate with it with cross-domain scripting.  However, its port can change, so in order to communicate with it, you're left with a number of options:
1-  You're SOL.
2-  You attempt localhost calls and try a number of ports (takes too long).
3-  What else??

Thanks!
Mike
0
Question by:thready
28 Comments
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 142 total points
ID: 39699300
"a localhost call" will try to connect to port 80 where a web server would be listening.  So you would have to have a web server running to connect to anything.  I can't see it working.  That is exactly the kind of thing that browser security is intended to block to prevent outsiders from breaking into your machine.
0
 
LVL 1

Author Comment

by:thready
ID: 39699322
No - you can specify the port - but for obvious reasons - you can't assume (especially) port 80 for your own product...  We already have this working well with cross domain scripting.  Our only problem is that the port can change so we want to be sure we have a way of "detecting" our software running on the user machine.

I'm trying to think of whether there are companies out there that are able to launch their own native app on the machine from their website...  Hmmmm...
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 142 total points
ID: 39699335
Why would the port change in your own software?  Things like Flash and Java can be used to talk to the underlying machine though you may have to 'sign' the code to get it to run.  I know that if you go to the iTunes store, it is able to check to see if iTunes is installed on your computer.
0
 
LVL 1

Author Comment

by:thready
ID: 39699347
Right - the idea is just to try not to hardcode the port.  We may have to in the end, but the goal is to find a way not to "have to" for now...
0
 
LVL 1

Author Comment

by:thready
ID: 39699353
Good example with iTunes!  I'll try to see what they're doing!  Gotta go install that bloatware now....  Thank goodness for VMs!  :)
0
 
LVL 1

Author Comment

by:thready
ID: 39699373
Protocol handlers...
0
 
LVL 1

Author Comment

by:thready
ID: 39699449
We can use:  OurSpecificProtocol://some/rest/call

Our app would open and be able to respond to this.  But the question is, what happens on different browsers with this type of request?  Can you wrap the call in a javascript try/catch, and if your native app is not responding, fall back to something else?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39699521
I have no idea.  Click on "Request Attention" above to get some more help.
0
 
LVL 70

Assisted Solution

by:Merete
Merete earned 71 total points
ID: 39703778
Well, I don't know what you're trying to achieve with a program installed on a local machine and a web page.
Anything to do with video?
An outside idea:
Have you looked at Silverlight business?
With Silverlight, developers use their existing skills and environments -- .NET, C#, XAML, VB.NET, WPF, Visual Studio, Expression Blend, Eclipse – to build applications that work on major browsers across Windows, Mac, Linux and native apps on Windows Phone 7.
http://www.microsoft.com/silverlight/business/
Silverlight Media
http://www.microsoft.com/silverlight/
ABOUT
http://www.microsoft.com/silverlight/what-is-silverlight/

Java is being exploited by malware and at high risk these days.
So that may work against you with Microsoft Windows and those Ports.
Securing Your Java Source Code
What actions can I take to increase the security of Java?
http://www.java.com/en/download/faq/security-tips.xml
Beware of increasingly advanced exploits targeting flaws in Java that will never be fixed
Source
0
 
LVL 29

Accepted Solution

by:
Olaf Doschke earned 287 total points
ID: 39704193
What's wrong with hardcoding a port? Main services have a hardcoded port and that's not a problem. If you want to make it configurable, how about storing that port number somewhere you can get at? E.g., your installed local app saves its used port to a MySQL database on your website, either by remote MySQL access or through an API call. Your javascript then could look up the current port from your central database. The confidentiality of the port number is compromised between your customer and you, but as you want and need to know the port anyway, that shouldn't be a problem.

To not make the port number a publicly known secret you can do the API call taking and storing the client side port number encrypted, for example. So the secret stays with you and your customer.

Bye, Olaf.
0
 
LVL 1

Author Comment

by:thready
ID: 39704195
Thanks for your response.  Java and Silverlight are not good options for us though, we don't want any downloads in our scenario.  We would basically just like to detect our program if it's there rather than continue in the web page.
0
 
LVL 1

Author Comment

by:thready
ID: 39704197
I agree with you Olaf, but my boss doesn't...  I'm SOL on that one... :-)
0
 
LVL 29

Assisted Solution

by:Olaf Doschke
Olaf Doschke earned 287 total points
ID: 39704199
You can also get at local store data from javascript and I'm unsure, but a desktop app should also be able to save something in there, too. A single key/value pair is sufficient, you might also use a cookie. Problem is this would all be browser specific.

Bye, Olaf.
0
 
LVL 29

Assisted Solution

by:Olaf Doschke
Olaf Doschke earned 287 total points
ID: 39704202
What are the concerns of your boss with regard to the MySQL server solution? Too much traffic to your website? It's just one request SQL query adding to all the ones you will have for the web part of your application anyway.

You can also push this one step further and have a few databases holding a number of ports and locations of further lookup databases as fault tolerance/replication of that data.

Bye, Olaf.
0
 
LVL 1

Author Comment

by:thready
ID: 39704274
Yup I thought about storing the ports in a database too, but that idea won't work because of logistics. (Trust me on this, long story)...
0
 
LVL 1

Author Comment

by:thready
ID: 39704280
Local store data? You mean browser specific data stores?

I was hoping the web page could get some info from the machine it's on, maybe get at something that the native app could set as info for it to pick up.  

Like, iTunes web page knowing iTunes app is installed, or Oracle knowing java is installed, or maybe some other good example...
0
 
LVL 29

Assisted Solution

by:Olaf Doschke
Olaf Doschke earned 287 total points
ID: 39704288
Well, I saw your iTunes example, don't know how they do it. I assume they use a certain port or bind a self-defined protocol to it.

But local store is a core part of HTML5 and all browsers support it today. It's well established. Cookies are of course even older, but both of these are bound to the browser used, there is no browser unspecific local store or cookie folder, each browser has its own.

If you limit this to work in IE, Firefox, Chrome and Safari it may well be doable for your app to create a cookie in all browser profiles you detect on the system, and that surely can be read from javascript.

Browser automation would be a sure way, if you start your javascript part from your desktop app. That's limited to IE/Windows, though.

Bye, Olaf.
0
 
LVL 1

Author Comment

by:thready
ID: 39704291
Thanks Olaf :-)
0
 
LVL 1

Author Closing Comment

by:thready
ID: 39711219
thanks everyone!
0
 
LVL 29

Expert Comment

by:Olaf Doschke
ID: 39711230
Did you get something to work? With what solution die you and up?
0
 
LVL 1

Author Comment

by:thready
ID: 39711243
I think we're going for the hard coded port.  Not much choice I guess...  :o)
0
 
LVL 29

Expert Comment

by:Olaf Doschke
ID: 39711278
Sorry, this was autocorrection. Set to Herman AS default language.

Die -> did
And -> end

Okay, hardcoded port seems simplest.
0
 
LVL 1

Author Comment

by:thready
ID: 39711300
Fewf!  I thought I was getting death threats for a second there...  ;o)
0
 
LVL 29

Expert Comment

by:Olaf Doschke
ID: 39711330
Herman -> german

My goodness
:o)
0
 
LVL 1

Author Comment

by:thready
ID: 39711378
lol!  I was seriously wondering what you were talking about on that one.. (need coffee #2 though...)  :o)
0
 
LVL 29

Expert Comment

by:Olaf Doschke
ID: 39711400
:) Well, at least you have a funny start into the day.

Bye, Olaf.
0
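
The outcome the thread settles on (a hard-coded localhost port reached with a cross-domain call), as an added example that is not code from any poster: the page probes the port once with a timeout and falls back, and the local listener grants CORS only to the vendor's own origin so scripts on other sites cannot read its answer. `PORT`, `SITE_ORIGIN`, the `/ping` path and the JSON reply are assumptions; the native-app side is written in JavaScript only for illustration.

```javascript
// Added example; PORT, SITE_ORIGIN, /ping and the reply body are assumptions.
const PORT = 48123;                            // assumed hard-coded port
const SITE_ORIGIN = "https://app.example.com"; // assumed vendor web origin

// Native-app side (in JavaScript for illustration): decide how the loopback
// listener answers. Only the vendor's origin receives a CORS grant, so a
// script running on any other site cannot read the reply.
function answerPing(method, path, headers, allowedOrigin = SITE_ORIGIN) {
  if (path !== "/ping") return { status: 404, headers: {}, body: "" };
  if (method !== "GET") return { status: 405, headers: { Allow: "GET" }, body: "" };
  if (headers["origin"] !== allowedOrigin) {
    return { status: 403, headers: { Vary: "Origin" }, body: "" };
  }
  return {
    status: 200,
    headers: {
      "Access-Control-Allow-Origin": allowedOrigin,
      "Vary": "Origin",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({ app: "present" }),
  };
}

// Web-page side: probe the fixed port once, give up after timeoutMs, and
// return false so the page simply continues without the native app.
async function detectNativeApp(fetchImpl = globalThis.fetch, timeoutMs = 500) {
  const ctl = new AbortController();
  const timer = setTimeout(() => ctl.abort(), timeoutMs);
  try {
    const res = await fetchImpl(`http://127.0.0.1:${PORT}/ping`, { signal: ctl.signal });
    if (!res.ok) return false;
    const data = await res.json();
    return data.app === "present";
  } catch (_) {
    return false; // connection refused, timed out, or blocked by the browser
  } finally {
    clearTimeout(timer);
  }
}
```

`fetchImpl` is injectable so the detection logic can be exercised without a running listener; in the page it defaults to the browser's `fetch`.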
