Re: Embedding Simple MFC GUI app into website


"Daniel James" <wastebasket@xxxxxxxxxxxxxxxx> wrote in message
news:VA.00000f35.37063a76@xxxxxxxxxxxxxxxxxxx
In article news:<#C63F886GHA.4996@xxxxxxxxxxxxxxxxxxxx>, Pete Delgado
wrote:
Without your permission?

I suggest that you try to download an ActiveX control from the Microsoft
web site and see what happens. Unless you have modified your
configuration for IE I believe that you will be notified that the web
page wishes to load the control.

Yes, it does.

The message says something like "Do you want to allow ActiveX controls to
run?"

I would like to see instead "The web page you are loading wants to run the
UsefulWidget ActiveX control from GoodWidgets Corp.. The control is
already
installed on your computer and has a valid code-signing certificate. Do
you
want to allow this site to use that control?".

I'd like to see buttons marked "Yes, just for this session", "Yes,
always",
"No, not in this session", "No, never", "No, and delete the control", and
"Show me the code-signing certificate chain for this control".

Just having one pop-up that says "Is it OK to run potentially evil code on
your computer now?" is stupid!

I *totally* agree. Other options such as a true sandbox of restricted
credentials for the controls would also be useful.


My big problem with such technologies is that the users become so
accustomed to clicking "OK" and "Accept" on the numerous security
dialogs and prompts that Windows throws at them, that they inadvertently
accept controls and downloads that they really shouldn't because they
just want the dialogs to go away.

It is, as I said above, worse than that. The user can't even see *what*
control the system is asking about.

I believe that ActiveX still has a place but that in *most* cases that
it is proposed there is indeed a better, safer solution that provides
the required functionality.

ActiveX certainly has a place ... it's very useful to be able to write GUI
widgets and other controls as pluggable components, and ActiveX is just
the
COM way of doing that. The problem is that that technology is used
inappropriately in online content.

I think that we were using the term ActiveX in the sense that it was
originally used in 1996 as OLE controls that were optimized for the internet
and hosting within IE. Microsoft has renamed it's component technologies so
often it's difficult to keep track!

-Pete


.