Re: Automatically Open File After Download?

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Joseph M. Newcomer (newcomer_at_flounder.com)
Date: 01/22/05 

Date: Sat, 22 Jan 2005 02:48:10 -0500

And why should I trust your application? If I trust your application, why do I know it is
your application that I'm getting?

This would defeat one of the most important security features we have. If it were
possible, malware designers would have figured out how to use it years ago.

A desire for convenience on your part does not constitute a desire to allow vulnerability
on my part.

I don't believe in allowing ANY executable code to come down via the Internet and execute
automatically. For example, I have disabled all ActiveVirus, JavaVirus, and VBVirus
controls. You are asking for a security hole large enough to drive a freight train
through. Sideways. If it is possible, the first thing every site manager should do is
absolutely positively make sure that it cannot under any circumstances be enabled by
anyone for any reason whatsoever.

In case you haven't noticed, the Internet is a very, very dangerous place. The single most
offensive ability that exists in Web pages is what you are asking for; they call it
ActiveX, I call it ActiveVirus. I have three levels of firewalls stripping it out,
starting with a hardware box. Anyone who cares about security (as opposed to those who
like to make meaningless noises about it, like Microsoft) makes sure that it is never
necessary or possible to run a program that comes in across the Internet.
                                        joe

On Thu, 20 Jan 2005 19:35:58 -0600, "Chuck Sire" <c_sire@yahoo.com> wrote:

> I understand that its good security for the browser to challenge every
>time, but the fact of the matter is that automated download and display is
>convenient and accepted in some contexts.
>
> Whenever you open a .pdf or .doc file, more than likely the document is
>automatically opened by your favorite pdf viewer or word processor, without
>any intervention. This is a risk taken for the sake of convenience.
>
> So yes, I understand why the browser does this by default, but it makes
>sense for my application to override such functionality. They will be given
>the option to utilize this convenient function if they wish.
>
> I still have yet to find a definitive answer to my question. Any help
>would be greatly appreciated.
>
>"Joseph M. Newcomer" <newcomer@flounder.com> wrote in message
>news:5be0v0pfelr37713itcb9801p7f10pb0gj@4ax.com...
>> There is a reason the browser does that. It is called "security". No user
>should do a
>> download without being given the option of what to do.
>> joe
>>
>> On Thu, 20 Jan 2005 03:06:44 -0600, "Chuck Sire" <c_sire@yahoo.com> wrote:
>>
>> >I have a file extension associated with my application.
>> >
>> >What I'd like is when a user downloads a file with my extension, that
>> >instead of the prompt "Save As, Open, etc", I'd like the file to
>> >automatically download and open up in my application.
>> >
>> >Is this possible and if so, what are the registry keys that I have to
>setup?
>> >Is there a class somewhere that could possibly help with this?
>> >
>> >TIA.
>> >
>>
>> Joseph M. Newcomer [MVP]
>> email: newcomer@flounder.com
>> Web: http://www.flounder.com
>> MVP Tips: http://www.flounder.com/mvp_tips.htm
>

Joseph M. Newcomer [MVP]
email: newcomer@flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm

Relevant Pages