hta security with adodb.stream
From: Reto Ravasio (reto_at_nospam.com)
Date: 07/08/04
- Next message: Torgeir Bakken \(MVP\): "Re: Keeps erroring on GetObject(“winmgmts:”) line"
- Previous message: Monkey: "Re: Keeps erroring on GetObject(Q=80=9Cwinmgmts:=E2=80=9D=29_line?="
- Next in thread: Torgeir Bakken \(MVP\): "Re: hta security with adodb.stream"
- Reply: Torgeir Bakken \(MVP\): "Re: hta security with adodb.stream"
- Reply: Reto Ravasio: "Re: hta security with adodb.stream"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 8 Jul 2004 14:51:27 +0200
I have an old script (hosted in MSHTA) that isn't working anymore on some
machines.
pc1 (W2K-sp3, ADO 2.8, IE6 sp1) I get the following:
'this page is accessing information that is not under its control. This
poses a security risk. Do you want to continue?'
pressing yes results in:
'Safety settings on this computer prohibit accessing a data source in
another domain'
pressing no gives:
'permission denied'
pc2 (W2K-sp3,ADO 2.6, IE5.5 sp1)
works perfectly
pc3 (W2K-sp3,ADO 2.6, IE5.5 sp1)
'This page is accessing a data source on another domain. Do you want to
allow this ?'
pressing yes: works
pressing no results in:
'safety settings on this computer prohibit accessing a data source on
another domain
do you want to continue running scripts on this page?'
pc4&5: (XP Professional & Home latest stuff&patches installed)
works perfectly:
I think that pc1 & pc3 are acting differently because of the different ado
versions. what absolutely confuses me is that some pc's popup typical ie
warning messages. I always thought that MSHTA has a different security
implementation.
Can anyone explain this behavior or has anyone else encountered a similar
problems?
reto
Note:
- all the w2k pc's have 'access data sources across domains' for the local
computer enabled.
- the script is running from a local harddisk.
- there are some variations in installed patches (i'm still checking on
that)
********* httpget.hta *********
<html>
<head>
<script language="javascript">
function HTTPGet() {
var xhtm = new ActiveXObject("Microsoft.XMLHTTP");
xhtm.Open("GET",idSource.value,0);
xhtm.Send();
var shtml = new ActiveXObject("ADODB.Stream");
shtml.Mode = 3;
shtml.Type = 1;
shtml.Open();
shtml.Write(xhtm.responseBody);
shtml.SaveToFile(idDest.value,2);
}
</script>
</head>
<body>
<table>
<tr>
<td>input:</td>
<td><input id='idSource' type="text"
value="http://www.microsoft.com" style="width:200px"></td>
<tr>
<tr>
<td>output:</td>
<td><input id='idDest' type="text" value="C:\temp\test.txt"
style="width:200px"></td>
<tr>
<table>
<button onclick='HTTPGet()'>http Get</button>
</body>
</html>
***********
- Next message: Torgeir Bakken \(MVP\): "Re: Keeps erroring on GetObject(“winmgmts:”) line"
- Previous message: Monkey: "Re: Keeps erroring on GetObject(Q=80=9Cwinmgmts:=E2=80=9D=29_line?="
- Next in thread: Torgeir Bakken \(MVP\): "Re: hta security with adodb.stream"
- Reply: Torgeir Bakken \(MVP\): "Re: hta security with adodb.stream"
- Reply: Reto Ravasio: "Re: hta security with adodb.stream"
- Messages sorted by: [ date ] [ thread ]
