How to securely call local executable programs in IE

 

Currently, applications on the Internet all adopt the client server model. When a customer initiates a request, the server responds to the request, that is, the request response mode. The most widely used client is the browser's B/S mode. Generally, local executable programs are not allowed in browsers. However, the browser is not allowed to run, which objectively limits the use and function of the browser. To solve this problem, you must securely extend the functionality of the browser. Expand the functions of the browser. One is to use the control or plug-in technology, and the other is to use the mini-program technology. Mainstream browsers on the market, such as IR and Netscape, support these two technologies. Controls or plug-ins are developed in VC, BC ++, VB, delph, and other languages. Generally, small programs are programmed by iava. As we all know, Java prohibits access to the local file system through the "sandbox" mechanism, let alone calling local programs. To call local executable programs through a browser, you need to use the control or plug-in technology.

I. Requirements for secure calling of local programs

To call a local program in a browser, at least two problems must be solved: security and location transparency.

Because the browser runs on the client, security is very important. If security cannot be solved, malicious controls running on the browser may spread viruses and damage the local file system, the computer system is paralyzed and information is leaked. The default security level exists in the browser, and the default security level is intermediate in the IE browser. In this security level, you need to enable the browser to start and run the local executable program. In the early morning, You need to upload the parts and mark them as safe to execute. The second is to digitally sign the control. Marking a control as a safe execution means that you must implement the required iknown interface in the control, and also implement the "Object Security" interface so that the control can work in concert with the browser. To digitally sign a control, asymmetric encryption is used to encrypt the hash value of the control processed by the hash function to ensure the integrity and non-repudiation of the control. If you do not add a security tag or digital signature to the control, you must reduce the security of the browser to run executable programs locally. After the security of the browser is reduced, it seems that the internal network is not a big problem, but to be on the Internet, it opens the door to viruses and hacker intrusion. Unless there are good reasons, generally, the security of the browser cannot be reduced at will.

The so-called location transparency means that the executable program runs normally regardless of its location. Location transparency is no stranger to those who have written controls, and is everywhere in windows. widgets are location-transparent without exception. The solution is to use a 128-bit CLSID for unique identification. CLSID is everywhere on the HTML page and the registry of the system. When using the control, both manual and automatic registration of the system establishes the cling between the CLSID and the control path in the registry. The location transparency is automatically solved through this ing relationship.

You can also use the registry to solve the issue of program location transparency. The ing relationship can be set to the ing between the application name and the runable program path. Use the application name to uniquely identify the executable program. It is equivalent to the CMD of the control. Use the installer to install the executable program, which is equivalent to the control registration. The key values of executable programs installed by the installer in windows are in hkey_localmachine \ Software \ Microsoft \ Windows \ CurrentVersion \ app paths \. It is not difficult to use the popular InstallShield installation software. When you call a local executable program, you can find its installation path in the registry, and find the local executable program by combining the application name and the execution program path recorded in the registry key value, the working principle is exactly the same as the dynamic loading and running of the control.

II. Implementation Mechanism

Use a development tool that supports controls, such as Vc and VB, to develop a control that calls a local executable program, which can be named cyxm-localcallctrl. In addition to implementing the required iknown interface, you also need to implement the IObjectSafety interface, that is, the "Security object" interface mentioned above. Implement a function that calls a local executable program, such as localcall (). After the development is complete, you can use the control by digital signature.

1. IObjectSafety interface

The core of this interface is the following two functions:

Stdmethodimp cyxmlocalcallctrl: xobjectsafety ::
Getinterfacesafetyoptions (
Refiid riid,
DWORD--RPC-FAR * pdwsupportedoptions,
DWORD--RPC-FAR * pdwenabledoptions
),
Stdmethodimp cyxmlocalcallctrl: xobjectsafety: set-
Interfacesafetyoptions (
Refiid riid,
DWORD dwoptionsetmask,
DWORD dwenabledoptions
)

These two functions are just an example of how to implement them using object nesting. If you implement them using object aggregation, it may not look like this, however, the interface parameters and function names do not change. The encoding of these two functions is not complicated. If you do not need to do anything, the function body can simply return the code without writing any code. The reason for writing these two functions is the browser's requirement. when loading the control, the browser needs to call these two functions, that is, the browser requires you to acknowledge that the control you write is safe. This is the technical meaning marked as a security script as described above. In fact, iebrowser supports a lot of interfaces, such as idispatch, IHTML-Document2, ihtmldocument, ihtmlcollection, I-htmlformelement, ihtmlinputtextelement and so on. To expand its functions, you must implement them. For example, this principle is also used in some articles to steal the user name and password of web pages through IE browsers.

2. Digital Signature

To add a digital signature to a control, you must first create a digital certificate. you can apply for a digital certificate from the digital authentication center. If you do not want to pay, and your network does not have a digital authentication center, you can use the tools provided by VC to complete the process. Specifically, you can use makecert.exeto create a digital certificate, cabarc.exeto make a compressed package, and signcode.exe to sign the certificate. After the digital signature is completed, deploy the control to the Web.

3. Use Controls

If you want to use the word.exe word processing software by using a browser, insert the following code and script programs into the page to start. Do not forget to handle fault tolerance, that is, when no executable program is installed in the system, make sure that the browser runs smoothly.

<Object classid = "CLSID: D7D397BA-55D3-45FA-9BF4-
F7a30c311f1a ", id =" yxmlocalcall ", codebase =" http: // www.
Mir.gov/new-hp/yxmlocalcall.cab?version=2, 0, 0 ">
<Param name = "version", value = "65536">
<Param name = "extentx", value = "2646">
<Param name = "-extenty", value = "1323">
<Param name = "-stockprops", value = "0">
<Param name={exekey},value={wlnword.exe ">
</Object>
<SCRIPT>
Yxmlocalcall.exekeypolic“winword.exe ";
Yxmlocalcall. localcall ();
</SCRIPT>

The clsid in the above Code is the control identifier described above. Different controls have different values. Controls of the same function and different versions have different values.