Re: Embedding Simple MFC GUI app into website

Comments inline:

"Joseph M. Newcomer" <newcomer@xxxxxxxxxxxx> wrote in message
news:d1prh2tap5l5os9ntlod77r1jr774s393t@xxxxxxxxxx
Generally, ActiveX used on Web sites should be referred to by its proper
name,
"ActiveVirus". When used on Web sites, I consider this a fundamentally
evil technology. I
have three layers of firewall that strip out all ActiveVirus and JavaVirus
from Web sites.
Generally, you should assume you have no right to execute anything in any
way on the end
user's machine. The unfortunate presumption that this should EVER make
sense is the
source of nearly all invasive malware.

Joe, I understand that you dislike the technologies you've listed above and
that you have some valid points for your opinion, but to say that a
particular technology is "evil" goes beyond common sense and increases the
liklihood that your warning will be ignored as hyperbole.

In addition, if your firewall is stripping out ActiveX controls, then how
are you using Windows Update? Or perhaps you are back on UNIX? ;)


Do everything server-side. That's safe.

I would say that it's *safer*. The only way to be "safe" is to not use the
web at all! Recall the bug in the jpeg software that Microsoft patched last
year?

Note that possession of a certificate is only
barely acceptable (who verifies that the certificate was issued to a valid
address and
not, say, to a company located on a vacant lot in the Cayman Islands?).

Which is exactly why I stated that the certificate must come from a
"well-known authority". Companies such as Verisign make their living out of
being trusted authorities. If they don't engender trust and confidence,
they go under.


The first thing you should assume when the idea crosses your mind to use
ActiveVirus is "I
am making a fundamental error here" and proceed with that assumption as
the basis of all
decisions.

Which is why I tried to gently lead the OP in a different direction. The
security problems with ActiveX along with the fact that nobody will want to
have to install it should leave the OP with the impression that there is
likely a better solution.


Note that there is a SUBSTANTIAL difference between an ActiveVirus control
and a
full-blown application.

Yes. That is why I asked the OP to elaborate. With the collective
brainpower in the NG, *someone* will likely come up with a safe, clean and
elegant solution to suggest.

-Pete


.