Stephen Turner wrote:
> On Tue, 9 Nov 1999, Jeremy Wadsack wrote:
> >
> > The suggestion I made to Stephen was to make the executable version of the
> > script look in its own directory for a file called anlgform.cfg that contains
> > the location of the analog.exe executable on the Windows system. This still
> > includes a security problem, because this file will be readable by the web user
> > and analog.exe must be executable by that user. I don't know of any way around
> > this; any suggestions would be appreciated.
> >
>
> I don't see the problem here. It wouldn't allow the person browsing the
> site to execute analog, even if he knew the location and the web server had
> execute permission, would it?
>
No, I realized this, and Aengus pointed it out to me:
> I may be missing something, but reading anlgform.cfg, and finding out
> that Analog.exe is in C:\Program Files\Analog\ doesn't seem to be that
> much of a problem.
>
> >I don't know of any way around this; any suggestions would be appreciated.
>
> How about a registry entry? Check for it before looking for ANALOG.CFG, (some
> people won't be able to add a registry key). A few lines of VBScript could be
> provided to create a key with the location of Analog.exe - see attached.
>
So I think we'll include both options (assuming Aengus is willing to do the VBScript
and doc how to use it). I'm going to make a Registry entry override the config file,
so that a sysadmin can set a sitewide standard that can't be overridden by a client. I
think this is the preferable way to do it (the sysadmins will certainly prefer
this), and since there really is only one place that analog.exe needs to be installed,
that should work.
As for the Registry key, "HKLM\SOFTWARE\Analog\Anlgform\Path", would it be a good idea
to include a version number in this too? That way different versions of the form can
be installed and find the corresponding version of Analog.
--
Jeremy Wadsack
-------------------------------------------------------------------------
Wadsack-Allen Digital Group Digital Media Publishing Specialists
http://www.wadsack-allen.com/digitalgroup/ +01-520-213-8530
-------------------------------------------------------------------------
------------------------------------------------------------------------
This is the analog-help mailing list.
List archived at http://www.mail-archive.com/[email protected]/
------------------------------------------------------------------------
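
The lookup order discussed in the message above, as an added example that is not part of the original post or of Analog's own form script: a value under HKLM (writable only by administrators) takes precedence over anlgform.cfg in the script's directory, and once the registry value exists the file is never consulted, even if the registry value is unusable. Assumptions: `Path` is a string value under the `Anlgform` key, anlgform.cfg holds the path on its first non-comment line, and the function names are hypothetical.

```python
import os

try:
    import winreg  # standard library, present only on Windows
except ImportError:
    winreg = None

REG_KEY = r"SOFTWARE\Analog\Anlgform"  # under HKLM, as named in the message
REG_VALUE = "Path"                     # assumption: a REG_SZ value, not a subkey
CFG_NAME = "anlgform.cfg"              # file name from the message


def read_registry_path():
    """Return the admin-set path from HKLM, or None if absent or not on Windows."""
    if winreg is None:
        return None
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, REG_KEY) as key:
            value, kind = winreg.QueryValueEx(key, REG_VALUE)
    except OSError:
        return None
    return value if kind == winreg.REG_SZ and value else None


def read_cfg_path(script_dir):
    """Return the first non-blank, non-comment line of anlgform.cfg (assumed format)."""
    try:
        with open(os.path.join(script_dir, CFG_NAME), errors="replace") as fh:
            for line in fh:
                line = line.strip()
                if line and not line.startswith("#"):
                    return line
    except OSError:
        pass
    return None


def resolve_analog(script_dir, registry_reader=read_registry_path):
    """Return (path, source); path is None when the chosen source is unusable."""
    candidate, source = registry_reader(), "registry"
    if candidate is None:  # fall back only when no registry value exists at all
        candidate, source = read_cfg_path(script_dir), "config"
    if candidate is None:
        return None, None
    # Fail closed: require an absolute path to an existing file, and never
    # retry with the client-editable file after a bad registry value.
    if not (os.path.isabs(candidate) and os.path.isfile(candidate)):
        return None, source
    return candidate, source
```
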