Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Work-Around Question

Status
Not open for further replies.

wchull

MIS
Jun 14, 2001
93
US
First let me say that I'm a VBScript writer not a Java Script writer but I think I'll be able to understand.

We have an application that requires a work-around for a GUI interface problem. The problem with the work around is that it must be initiated from within IE and the code needed to fix the problem opens an instance of ActiveXObject. Here's a snippet of code:

var myShell = new ActiveXObject("WScript.Shell");
var strExe = this.BusComp().GetFieldValue("FullPath");
var strExeWinStyle = this.BusComp().GetFieldValue("WindowStyle");
ar strCommand = strQuote + strExe + strQuote + "{TAB}{TAB}{TAB}" + ", " + strExeWinStyle;
myShell.Run (strCommand);

The problem is that with Windows XP, SP2 ActiveXObject is not considered trusted and opens a prompt on screen asking for comfirmation that it is OK to execute the command and this is not acceptable to the user community. As a work-around to the prompting issue, the application vendor suggested that a modification to the Wscript.Shell CLSID be made to the registry that would make any shelled execution be "Trusted for Scripting" and "Trusted for Initialization". At this point, our IT Security department is concerned about the implications of doing this as it seems to open a vulnerability on our workstations.

So....... Does anyone know of another way to allow this code to run on the machine without the prompt but without having to change the context of Wscript.shell?

Any help would be appreciated.

 
I very much doubt you'll be able to circumvent this using JavaScript - after all, if your nice app can do it in code, then any nasty malicious app could as well.

I'd suggest one of two courses of action:

1. Ask in the Windows XP or Browser Issues forums about how you might be able to tweak your IE settings to allow certain scripts from certain trusted domains to be run. Hint: put a more descriptive title together, as "Work-Around Question" really doesn't give much away.

2. Tell us what the GUI problem is as it is possible that it can be fixed in another way.

Hope this helps,
Dan



Coedit Limited - Delivering standards compliant, accessible web solutions

[tt]Dan's Page [blue]@[/blue] Code Couch
[/tt]
 
Thanks for the heads-up on posting the issue on those other forums. My initial thought, since I'm not a JavaScript coder was that this was a scripting issue and that perhaps a different coding technique might be used to work around the issue.

Unfortunately, I am not the real owner of the issue. I was brought into the discussion as our IT Secuirty Department was having a tough time understanding what the owner was proposing and they wanted someone that understood scripting to review the proposal and come up with another alternative if I knew of one. I know the problem is in reference to Siebel 8.0.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top