Running arbitrary code on a remote computer is a security hole for obvious reasons. If you can automatically run "Battlefield 2" or whatever, what prevents you from running something like "rundll32" or any other nasty command that, for example, shuts down the user's computer when just clicking a link?
I don't know so much about Windows technology, but maybe you can build some kind of launcher using ActiveX components.
| [reply] |
According to my /etc/mime.types:
application/x-msdos-program com exe bat dll
But AFAIK most browsers nowadays don't let you execute a program directly from a remote link (for very obvious reasons), which means you'd have to save it to disk anyway.
| [reply] [d/l] |
I want to be able to have [some kind of web content]
open the "Save File" dialog box so [the user]
can just click "open" and have [arbitrary code
executed on the user's computer].
If you find that this is possible, you should
immediately report it to BugTraq, as it would
be a fairly serious security problem that
would need to be fixed ASAP in a critical
security update.
The closest you can probably
come right now is to create an ActiveX control
that does this, but it will only work in IE,
and the user will have to frob an "install
anyway" button when IE warns them that the
control is untrusted or whatever, and the next
service pack might break it; on the whole, I
do not recommend using ActiveX.
For something
simple like launching a game, it might be much
easier to just provide an .exe file that launches
the game, and instruct the user to save it on
the desktop and then tell them to go to the
desktop and then go double-click the icon on
the desktop. Or you could skip the special
.exe launcher and just tell them what to do to
join the game. That last approach is probably
the most-recommended one.
"In adjectives, with the addition of inflectional endings, a changeable long vowel (Qamets or Tsere) in an open, propretonic syllable will reduce to Vocal Shewa. This type of change occurs when the open, pretonic syllable of the masculine singular adjective becomes propretonic with the addition of inflectional endings."
— Pratico & Van Pelt, BBHG, p68
| [reply] [d/l] |
You are best off providing the user with installable software that you can then access on their machine. For example, provide an installer that will register a new browser protocol (call it bf2:), and associate it with a client-side command. Then offer links in the form <a href='bf2://servername.com:port'>Server Name</a>. Windows will then call your handler and pass it the URL, which the local app parses and passes on to Battlefield 2.
That's a bit of work, so there is another approach. Ask the user to download an application that can parse a one-line file containing the information needed to join a server, and uses that to launch the game and connect to that game server. Send such a file with a MIME type like application/x-battlefield2-connect-script, and either (a) have your app's installer pre-register as the handler for that type, or (b) instruct the user that they will have to select your app as the default action for that MIME type (only the first time).
<-radiant.matrix->
Larry Wall is Yoda: there is no try{} (ok, except in Perl6; way to ruin a joke, Larry! ;P)
The Code that can be seen is not the true Code
"In any sufficiently large group of people, most are idiots" - Kaa's Law
| [reply] [d/l] |
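An added example, not part of the original post or any poster's code: the local handler behind a bf2: link receives a URL chosen by whatever page the user clicked, so it should accept nothing but a plain host and port and pass them to the game as separate arguments, never through a shell. The install path, the join arguments and all function names below are assumptions made for illustration.

```python
import re
import subprocess
import sys
from urllib.parse import urlsplit

# Assumptions, not from the thread: the install path and the join arguments.
GAME_EXE = r"C:\Games\Battlefield 2\BF2.exe"
JOIN_ARGS = ("+joinServer", "+port")

# One DNS label or dotted name/IPv4: letters, digits, '.', inner '-' only.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"(?=.{{1,253}}\Z){LABEL}(?:\.{LABEL})*")


class RejectedLink(ValueError):
    """The link is not a plain bf2://host:port reference."""


def build_launch_argv(url):
    """Map an untrusted bf2:// URL to an argv list, or raise RejectedLink."""
    # Printable ASCII only: no spaces, control characters or homoglyphs.
    if len(url) > 300 or not all("!" <= c <= "~" for c in url):
        raise RejectedLink("bad length or character")
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError if non-numeric or > 65535
    except ValueError as exc:
        raise RejectedLink(str(exc)) from None
    if parts.scheme != "bf2":
        raise RejectedLink("wrong scheme")
    if parts.username is not None or parts.password is not None:
        raise RejectedLink("userinfo not allowed")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise RejectedLink("only host:port is accepted")
    host = parts.hostname or ""
    # A host must start alphanumeric, so it can never be read as an option.
    if not HOST_RE.fullmatch(host):
        raise RejectedLink("bad host")
    if not port:                   # missing port or port 0
        raise RejectedLink("bad port")
    return [GAME_EXE, JOIN_ARGS[0], host, JOIN_ARGS[1], str(port)]


if __name__ == "__main__":
    try:
        argv = build_launch_argv(sys.argv[1] if len(sys.argv) == 2 else "")
    except RejectedLink as err:
        sys.exit(f"refusing link: {err}")
    subprocess.Popen(argv)         # list form: no shell ever parses the URL
```

The same allow-list applies to the one-line connect file from the second approach: whatever the file contains, only a validated host and port should reach the game's command line.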
Yes, it's generally a bad idea to run everything you see on the web, but in this case my users know me in real life and could hunt me down if I sent them a virus. :)
And how is clicking "open" instead of "save" and then running it a security hole? They both accomplish the same thing but the first method doesn't require you to delete the file you saved later. Is it a case of more clicks = more security?
Anyway, this whole project is all about convenience, so the suggestions about giving them the command that they can run themselves kind of defeat the whole purpose. Thanks, though.
| [reply] |