The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

ActiveX control auto-update

I need to write an ActiveX control that is going to be hosted in Internet Explorer. It seems that, to make sure the user has the latest version of the control, I have to implement auto-update myself (ActiveX technology doesn't seem to provide a built-in way of doing this).
I have checked both the PDF plugin and Flash player, and it seems like they all implement auto-update themselves. I'm wondering if anyone in this forum has done this before and is willing to give some pointers.
Thanks!

Tuesday, May 17, 2005
 
 
Some more info, but I googled it now.

<OBJECT id=zzzzz width=320 height=200 CLASSID="CLSID:XXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" codebase="http://xxx.com/blah.cab#version=1,2,27,0">
</OBJECT>

Tuesday, May 17, 2005
 
 
... and should you wish to do so, you can force update by using -1,-1,-1,-1 as the version #.
Fred
Wednesday, May 18, 2005
 
 
Now, one more concern is how do you keep hackers from generating an instance of your control which 'forces' auto-updates, except putting in THEIR code which hijacks the user's computer?

Just a thought.
AllanL5
Wednesday, May 18, 2005
 
 
For this to work, hackers must have access to the www server to...
1. replace the OCX on the server with their own version
2. edit the web page to increase the version # and force an update

But then, _any_ software that offers an auto-update feature is at the mercy of this kind of hacking, i.e. even if the client app is a fat client, the binaries on the server can be replaced with hacked versions and infect all the client hosts the next time they run. It's not specific to web-page-embedded ActiveX controls.
Fred
Wednesday, May 18, 2005
 
 
Well said.  The answer to the question is way more important than the question itself.  You have shown you have a way to defuse paranoia, and how hard it is to spoof the method you've chosen.
AllanL5
Wednesday, May 18, 2005
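
An added example, not code from any poster in this thread: a JavaScript audit that lists each OBJECT tag's codebase URL and #version value, flags the -1,-1,-1,-1 forced update and codebase downloads over plain HTTP, and models the version comparison. The comparison rule (update when the installed version is lower) and all function names are assumptions; the sample HTML is constructed from the thread's placeholders.

```javascript
// Added example: audit <OBJECT> tags for their codebase update settings.
// SAMPLE_HTML is constructed; the URL and CLSID are the thread's placeholders.
const SAMPLE_HTML = `
<OBJECT id=a CLASSID="CLSID:XXXXX" codebase="http://xxx.com/blah.cab#version=1,2,27,0"></OBJECT>
<OBJECT id=b CLASSID="CLSID:XXXXX" codebase="https://xxx.com/blah.cab#version=-1,-1,-1,-1"></OBJECT>
<OBJECT id=c CLASSID="CLSID:XXXXX" codebase="https://xxx.com/blah.cab"></OBJECT>`;

// Parse "1,2,27,0" into [1, 2, 27, 0]; returns null if it is not four integers.
function parseVersion(text) {
  const parts = String(text).split(",").map((p) => p.trim());
  if (parts.length !== 4 || !parts.every((p) => /^-?\d+$/.test(p))) return null;
  return parts.map(Number);
}

// True when every field is -1, the "force update" value from the thread.
function isForced(version) {
  return version !== null && version.every((n) => n === -1);
}

// Assumed rule: update when forced, or when the installed version is lower
// than the declared one, comparing fields left to right.
function needsUpdate(installed, declared) {
  if (declared === null) return false; // no version requested by the page
  if (isForced(declared)) return true;
  if (installed === null) return true; // control not installed yet
  for (let i = 0; i < 4; i++) {
    if (installed[i] !== declared[i]) return installed[i] < declared[i];
  }
  return false;
}

// List each OBJECT tag's codebase URL, scheme, declared version and forced flag.
function auditObjectTags(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<object\b[^>]*>/gi)) {
    const m = /\bcodebase\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(tag);
    if (!m) continue;
    const [url, fragment = ""] = (m[1] ?? m[2] ?? m[3]).split("#");
    const v = /^version=(.*)$/i.exec(fragment);
    const version = v ? parseVersion(v[1]) : null;
    findings.push({ url, plainHttp: /^http:/i.test(url), version, forced: isForced(version) });
  }
  return findings;
}
```

Running auditObjectTags over a site's pages gives an inventory of which controls are pinned to a version, which re-download on every visit, and which fetch their CAB without transport protection.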
 
 

This topic is archived. No further replies will be accepted.
