Ideas for launching an installed app from a webpage - security

I am thinking about having the following use-case:
1. User installs application on local machine.
2. User goes to our website, and is presented with many links (choices).
3. User clicks on a link.
4. Application starts, with some information contained within the link passed to the application.
Step 4 is obviously a security minefield. The end goal is that the user makes a choice, and if the application is installed, it starts with some information passed to it (i.e. command line parameters, or perhaps a temp file somewhere on the user's machine).
Can I / should I access the registry from JavaScript? Are there any ideas about how I might go about this? Do you have an alternative suggestion?

Assuming the applications the user installs are also developed by you.
Register a file extension for use by the specific application - then your web links can be links to a file that is downloaded and auto-run by your app. The file could contain details on the defaults for your app to use.
Sort of like how clicking on a .pdf file opens your pdf reader.

As an alternative to the file-extension solution you may want to know about the Custom Application Protocol feature. The link is for Windows, but there are nearly the same techniques on other systems. I can't say if this approach works in every browser but you may want to try it out.

Accessing the registry from JavaScript inside a browser is nigh on impossible because of the security implications. To access the registry from the web, I'd imagine you'd have to use a binary (C++ or others) program that can read the registry, but also has an HTTP module to communicate with your server.

Sounds like you might need the ClickOnce deployment feature for your app. I think once it's installed over HTTP there should be a pretty easy way to launch an executable.
http://en.wikipedia.org/wiki/ClickOnce

Related

Round-Trip Editing with WebDav for Domino

With the Round-trip Editing Library for Domino WebDAV for IBM Domino on OpenNTF, I should be able to open an attachment, such as a Microsoft Word document, edit it, and save it back to the server.
I have configured my server with the necessary information but find it difficult to run the WebDocOpenSetup and the WebDocOpen.exe file on my 64-bit Windows system. Any idea how I could go about this?
I wrote this piece of code, so let me explain a few of the challenges you will face:
Windows will open anything that starts with http(s) using a web browser and not an app. It happily ignores the file extension. Thus a different protocol was needed. I opted for webdav:// (like you have skype://, notes://, sap://).
The helper application (on Windows; or the script for OS X / Linux) simply reacts to that protocol. The installer simply creates the needed registry entries. You could do that by hand.
When you start any Office application with a URL as parameter, e.g. winword.exe https://.....doc, the WebDAV mechanism kicks in as desired.
The only thing WebDocOpenSetup does is to set some registry keys and register the WebDocOpen.exe as handler for the webdav(s):// protocol. The source code is included; you might need to recompile it for 64-bit.
The helper checks the app needed based on the extension and launches it with the URL (webdav replaced with http) as parameter.
You can save yourself quite some trouble using https with a proper certificate. Self-signed won't cut it.
There is an article on my blog explaining more of the background
The registry entries are explained here
You might test with a Mac or Linux first to ensure all is working ;-)
Even without the little helper application you can connect using Explorer webfolders (not Internet Explorer, Explorer)
Good luck!
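
An added example (not the WebDocOpen source and not any poster's code): the checks a protocol-handler helper like the one described above, or a custom application protocol handler as suggested in the first thread, can apply to the link it receives before it starts anything. The host allowlist, the extension-to-application table, the refusal of query strings and all function names are assumptions made for the illustration.

```python
# Added example, not the WebDocOpen source. ALLOWED_HOSTS, APP_FOR_EXT and
# build_launch_command are hypothetical names; hosts and paths are constructed.
import posixpath
from urllib.parse import urlsplit, unquote

ALLOWED_HOSTS = {"domino.example.com"}            # assumption: servers you operate
SCHEME_MAP = {"webdav": "http", "webdavs": "https"}
APP_FOR_EXT = {".doc": "winword.exe", ".docx": "winword.exe",
               ".xls": "excel.exe", ".xlsx": "excel.exe"}


class RejectedLink(ValueError):
    """The link is not one this helper should act on."""


def build_launch_command(raw_uri):
    """Return [application, url] for an acceptable link, else raise RejectedLink."""
    # Printable ASCII only, minus characters that can break out of a quoted
    # command-line argument. Legitimate links percent-encode these.
    if any(not 0x21 <= ord(c) <= 0x7E or c in '"\'`<>|^' for c in raw_uri):
        raise RejectedLink("unexpected character in URI")
    parts = urlsplit(raw_uri)
    scheme = SCHEME_MAP.get(parts.scheme.lower())
    if scheme is None:
        raise RejectedLink("scheme is not webdav or webdavs")
    # Comparing the whole netloc also rejects user:pass@host and host:port forms.
    host = parts.netloc.lower()
    if host not in ALLOWED_HOSTS:
        raise RejectedLink("host is not on the allowlist")
    if parts.query or parts.fragment:
        raise RejectedLink("query or fragment not expected")   # assumption
    # Inspect the decoded path so %2e%2e and %5c cannot hide traversal.
    path = unquote(parts.path)
    if ".." in path.split("/") or "\\" in path or any(ord(c) < 0x20 for c in path):
        raise RejectedLink("suspicious path")
    app = APP_FOR_EXT.get(posixpath.splitext(path)[1].lower())
    if app is None:
        raise RejectedLink("extension is not mapped to an application")
    # The rebuilt URL always starts with http, so it cannot be read as a switch.
    return [app, f"{scheme}://{host}{parts.path}"]


if __name__ == "__main__":
    for link in ("webdavs://domino.example.com/db.nsf/files/report.docx",
                 'webdavs://domino.example.com/a.doc" /q',
                 "webdav://other.example.net/a.doc"):
        try:
            # A real helper would pass this list to subprocess.run(), never a shell string.
            print(build_launch_command(link))
        except RejectedLink as exc:
            print("rejected:", exc)
```

Anything the helper receives comes from whatever page the user happened to click on, so the link is validated as untrusted input and the application is chosen from a fixed table rather than from the link itself.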

How to launch windows applications from a website

I want to know if it's possible to launch windows applications from a website. If it is possible, how? Sort of like battlelog for battlefield, when a button is pushed it opens an application.
Edit: This is for personal use
Try this:
Make each button be a link to download a company template file for the given application. For example, the "Excel" button would download and the user should be prompted to open it with Excel.
For instance, try clicking one of the links here:
http://www.google.com/#sclient=psy&hl=en&q=template+filetype:xls
Linking to static files on the web server should be sufficient, so long as your server sends the correct MIME-Type or Content-Type.
HOPE it helps!
Take a look at this thread. It should point you in the right direction. In short, you can do this in IE using ActiveX objects. But I must warn you that it is a very bad idea.

Serving file:// files to users

Currently I'm building a local search engine for network drives that is going to be used in our company.
The search engine is built on top of Solr and Tika. I've built an indexer that indexes Samba shares over the network, which works great and indexes all the directories that are given in a configuration file. However, that is not really relevant.
The current problem we have is that the web interface that connects to Solr and delivers the search results will try to serve local file:// files that are links to the files with an absolute or Samba path. But serving file:// links is of course disallowed by browsers like Google Chrome. The error that Chrome gives is:
Not allowed to load local resource: file:///name/to/file.pdf
Which is obvious and logical, however I want to work around that issue and serve 'local' files to our users. Or at least open an Explorer window with the given path.
I was wondering if this is even possible or if there is a workaround available? The server that is going to serve these files is running on Apache or Tomcat (doesn't matter).
Although opening file:// links seems pretty much impossible without the use of browser-specific plugins, I created a workaround by specifying a custom URI handler combined with a Windows-specific application that will open explorer.exe with the given directory.
This is by far not the ideal answer to my question, but I think it is a decent workaround for an intranet search application.
Streaming the file from your application to the browser is a much better idea from a usability and security perspective.
By assigning a MIME type to the stream, the user's browser can decide how best to open and display the file to the user.
By streaming from your application, control of the data can be maintained. The location of the file on your server is not revealed and proper authentication, authorization and auditing are easily achieved.
Assuming Java based upon your use of Solr and Tika:
http://www.java-forums.org/blogs/servlet/668-how-write-servlet-sends-file-user-download.html
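
An added example of the streaming approach from the answer above, written in Python rather than as the Java servlet it links to, and not code from the thread: the server maps a search hit to a file inside the indexed share, applies the access decision itself, and picks the response headers. The function name, the Denied exception and the folder-to-groups ACL layout are assumptions.

```python
# Added example, not code from the thread. resolve_download, Denied and the
# acl layout (top-level folder -> groups allowed to read it) are hypothetical.
import mimetypes
from pathlib import Path


class Denied(Exception):
    """Raised for anything the caller must answer with 403/404."""


def resolve_download(share_root, rel_path, user_groups, acl):
    """Turn a search hit into (path, response headers) or raise Denied."""
    root = Path(share_root).resolve()
    try:
        # resolve() collapses ".." and follows symlinks before the containment
        # test, so neither can lead outside the indexed share.
        target = (root / rel_path).resolve()
    except (OSError, ValueError):
        raise Denied("unusable path")
    if root not in target.parents or not target.is_file():
        raise Denied("not a file inside the share")
    # Authorization is decided server-side from the top-level folder.
    top_folder = target.relative_to(root).parts[0]
    if not set(user_groups) & acl.get(top_folder, set()):
        raise Denied("user may not read this folder")
    ctype = mimetypes.guess_type(target.name)[0] or "application/octet-stream"
    # Keep the header well-formed whatever the file is called on disk.
    shown = "".join(c if c.isascii() and (c.isalnum() or c in "._- ") else "_"
                    for c in target.name)
    headers = {
        "Content-Type": ctype,
        "Content-Disposition": f'attachment; filename="{shown}"',
        "X-Content-Type-Options": "nosniff",
    }
    return target, headers


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:      # constructed sample share
        (Path(tmp) / "hr").mkdir()
        (Path(tmp) / "hr" / "handbook.pdf").write_bytes(b"%PDF-1.4")
        acl = {"hr": {"staff"}}
        print(resolve_download(tmp, "hr/handbook.pdf", {"staff"}, acl)[1])
```

The browser only ever sees the relative name from the search result; the absolute or Samba path stays on the server, and every refusal is a single place to log for auditing.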

Launch local folder from XPSP2+ / IE8

We've got an intranet which normally serves all info/documents that apply to the whole company (employee handbooks, minutes, etc...)
Most of these work by having the web server parse a folder and present the files to the user.
The problem in this case is that the latest folder is restricted to certain users. As Kerberos is not currently an option, I was planning to side-step the issue and just insert a link which opens up a UNC path:
file://\Server\SecureFolder\
I've just found out that since XPSP2 this hasn't been possible with standard HTML/JS.
Does anyone know of another way this can be done? It's internal so I've got a lot of control over the webserver (but domain config changes will have to be justified).
I'm wondering if there's something like .Net or an ActiveX [shudder] solution or similar?
Thanks in advance for any help.
Seems the solution was to do it without Javascript and without the file://
The following works:
Link

Adding an 'paste screenshot' option to Mantis bugtracker

We're using the Mantis bugtracker (version 1.1.8), which is based on PHP. To ease the workflow of adding bugs we'd like to add an option to paste screenshots from the clipboard directly into the 'new bug form'.
Screenshots make bugreports much more valuable for developers, so I'd like to make adding them as easy as possible. Preferably without using an external application, but right in the browser.
I've looked all over for a way to add this, but no luck. How do other people do this? Am I missing something obvious?
edit: The bugtracker is a private one, in a small company, so I'd be willing to accept the security risks that for example Java applets present.
There isn't really a way to do this short of using ActiveX, applet or Flash-type technology on the client. Even then, there are numerous security roadblocks. A browser has no easy way to convert stuff from the clipboard into a suitable format for upload to a website, and even if it did there would be security concerns. For example, malicious code in a page could copy sensitive information from your clipboard and send it to the page's site without you even knowing it was happening.
Update: There is a standalone screen capture utility which claims to work with Mantis (and a whole bunch of other bug-trackers). This is probably your best option.
There is a drag-and-drop image attacher Java applet for Atlassian Confluence which has the functionality you need. It only supports Confluence, but as the source code is freely available under BSD you should be able to customize it to your needs.
Forgot the link:
http://confluence.atlassian.com/display/CONFEXT/Drag+and+Drop+Image+Attacher+Plugin
I've managed to build my own solution that works quite well. It places a Java file upload applet on the pages where you'd want to attach a screenshot. The applet has two buttons:
'paste screenshot', which pastes an image from the clipboard into the applet
'upload screenshot', which uploads the pasted image to the /tmp dir on the Mantis server and uses a javascript callback to place the autogenerated filename of the uploaded image into a form field.
Once the form is submitted, a new function in Mantis uses the filename in the form field to move the image from /tmp to the final location and processes the image just like other attachments. If the form is never submitted the uploaded file remains in /tmp and will eventually be purged by the server.
It works well, but has one drawback that I cannot avoid: I'm using Java to get access to the client's clipboard, but that requires breaking the JVM sandbox. Apparently, this can be done if you digitally sign the applet, which requires a rather expensive yearly payment (something like $500) to a company like Verisign (currently free options like cacert.org are still limited in their usefulness).
Another way to allow Java applets access to the clipboard is to create a file called .java.policy in your home or profile directory. This file should contain the following (replace the domain with the domain that hosts your Java applet):
grant codeBase "http://bugs.example.com/-" {
permission java.awt.AWTPermission "accessClipboard";
};
Thankfully the solution is cross-browser compatible since the JVM always checks the same file regardless of the browser used. Since my solution requires having this .java.policy file on each client computer I don't consider it ideal, but workable in a controlled company environment.
I looked into this also. No real easy way, so instead I allowed them to upload an unlimited number of files and those files would then be "attached" to that bug. It actually turned out to be better because they can upload screenshots, spreadsheets, Word docs, etc.
Like yours, this is an internal only site so security is light. I did this in ASP.Net, but the general idea is that when they are looking at a page for a bug they have an upload box. When they upload something I pre-append it with the bug id. So ScreenShot.jpg becomes 233_ScreenShot.jpg.
Also on that page is a grid (GridView) that is bound to all of the filenames in my upload directory that start with that bug id.
To see what this looks like click here.
For tech-oriented users, there's always the possibility of using Eclipse + Mylyn + Mylyn-Mantis connector.
Then uploading screenshots is very easy:
Screenshot upload http://img216.imageshack.us/img216/246/screenshotattachments1.png
