Triggering programs from a web page
October 25, 2005 1:29 AM Subscribe
Launching programs from a web page without meeting a "save/run" box.
Yes, I know this is a bad idea, but I want to switch my windows desktop to an active desktop with clicky links to trigger programs. Traditionally this means a save/run box appearing but I recall that activex controls can trigger cd-rom drives to eject, so I'm wondering if the same thing can trigger programs and files. Anyone any ideas how?
[Yes, I know the security implications, but this is a firewalled, virus checked machine that never uses IE for external connections and will be running a webpage from an on-machine webserver...]
Yes, I know this is a bad idea, but I want to switch my windows desktop to an active desktop with clicky links to trigger programs. Traditionally this means a save/run box appearing but I recall that activex controls can trigger cd-rom drives to eject, so I'm wondering if the same thing can trigger programs and files. Anyone any ideas how?
[Yes, I know the security implications, but this is a firewalled, virus checked machine that never uses IE for external connections and will be running a webpage from an on-machine webserver...]
Isn't there a pref in IE to switch that off?
Or a check box in the "OMFG are you sure you want to run this?" window that sez something like "Stop asking me this"?
posted by slater at 2:03 AM on October 25, 2005
Or a check box in the "OMFG are you sure you want to run this?" window that sez something like "Stop asking me this"?
posted by slater at 2:03 AM on October 25, 2005
You should be able to just go into the Internet Options and adjust the settings for the "Local Computer" zone so that you can run executables without being prompted. I don't think this would require ActiveX or anything.
Just put a check in the "Pants down!" box. (just kidding...)
posted by Rhomboid at 3:17 AM on October 25, 2005
Just put a check in the "Pants down!" box. (just kidding...)
posted by Rhomboid at 3:17 AM on October 25, 2005
Best answer: Yes, you can choose to trust all controls running on the local computers. It's also a fast way to get P@WNED!1!, since if you accidentally download a nasty applet, then run it, it runs as you.
Better to create the applets, sign them with a key you generate, then trust just applets signed with that key, rather than all applets run from your local computer.
Finally: There's an ironclad rule in Unix: Do Not Run As Root. It applies to Windows as well. Do Not Run As Administrator. Cut your privs back, and only wheel up (or better, use RunAs/sudo) when you really need to.
The less privs something has, the less damage it can do. You get a bum applet running under the "Act as a part of the operating system" priv, you can lose everything. Happens running under a limited user context, and the harm it can do is much less. That's why local exploits matter -- it would let an applet running under a user context to gain administrative context, and then comprimise the computer.
posted by eriko at 4:21 AM on October 25, 2005
Better to create the applets, sign them with a key you generate, then trust just applets signed with that key, rather than all applets run from your local computer.
Finally: There's an ironclad rule in Unix: Do Not Run As Root. It applies to Windows as well. Do Not Run As Administrator. Cut your privs back, and only wheel up (or better, use RunAs/sudo) when you really need to.
The less privs something has, the less damage it can do. You get a bum applet running under the "Act as a part of the operating system" priv, you can lose everything. Happens running under a limited user context, and the harm it can do is much less. That's why local exploits matter -- it would let an applet running under a user context to gain administrative context, and then comprimise the computer.
posted by eriko at 4:21 AM on October 25, 2005
This thread is closed to new comments.
posted by alexst at 1:53 AM on October 25, 2005