About Trevor Reid Expertise I enjoy designing AxtiveX controls in VB6. I will answer developers` questions and assist in the development of controls if needed. I am also building a personal library of controls and may have what you need available.
Experience
Past/Present clients Ingram Micro;First Data Corp;First Empire Corp;Zahee.Com;ElectricWisdom.Com
Question I have created an activeX (*.ocx) for webpage.
But when I opened the webpage, there is security warning form the browser(Internet Explorer).
So the security setting must be set to "low" to display the webpage.why?
what is the solution for this problem?
thanks.
Answer Hi,
The full answer to this question is lengthy, but the short answer is that your control has no security set. You can set the control's security features using the Package & Deployment wizard or you can ignore them for testing purposes. This behavior isn't a result of your code. What follows is an introduction to the complexities of ActiveX security, which you should understand before distributing your control over the Internet.
ActiveX and Internet Explorer support a set of security standards endorsed by the World Wide Web Consortium (W3C). The browser is behaving in the way you describe as part of this safety protocol.
When you distribute ActiveX controls for Internet component download, you must assign safety levels to them. If you do not, and your controls damage users' computers or corrupt their data, you can be held legally accountable if the controls were signed.
When a control is complete and ready for distribution follow these steps assign its saety level. There are two levels to safety in Internet component download:
Safe for initialization
Safe for scripting
When you mark a control safe for initialization, you guarantee that it will not perform harmful actions on the end user's computer, no matter what data or scripts are used in its initialization. A control that is safe for initialization does not write or modify any registry entries, .ini files, or data files as a result of initialization parameters. Safe for Initialization makes no claims about the safety of the control's methods, run-time properties, or the information it makes available to a script writer.
By default, Internet Explorer displays a warning and does not download controls that have not been marked safe for scripting and initializing. You can designate your software as safe for scripting and initialization when you use the Visual Basic Package and Deployment Wizard to package it for Internet distribution.
When you mark a control safe for scripting, you guarantee that no script can cause the control to damage the users' computers or data. Controls marked safe for scripting should not be able to obtain unauthorized information from the users' computers or corrupt their systems.
Before you mark a control safe for scripting, you must verify that it does not perform any illegal activities or allow openings that could be used to cause damage. In general, controls that can automatically obtain any information about the user and expose that information to a script writer are not safe for scripting. Such seemingly innocent activities can be considered criminal acts in some countries.
A Safe for Scripting control should not perform the following actions:
1--Insertion or retrieval of custom, script-defined registry and .ini file information. In other words, users should not be able to specify through a script which registry or .ini file information to insert.
2--Insertion or retrieval of variable registry and .ini file information that is not owned by the control. However, it is acceptable for a control to insert and retrieve registry and .ini file information that is predefined when the control is distributed, belongs only to the control, and exists for the purpose of helping the control manage its internal functions.
3--Reading a file from a hard drive with a name specified by scripting.
Prior to marking a control safe for scripting, it is advisable to create documentation recording the justification, taking the same type of care due any legal contract. It is also advisable to seek review by an independent expert, a developer who understands both the source code and VBScript.
As you can see, determining whether a control is safe is not a trivial exercise. Since you are testing your own controls though you can work around these issues until you decide to share them.
To understand what type of functionality you should not implement in a scripting safe control, you might begin by noting the API calls and commands not implemented in VBScript. See http://www.microsoft.com/vbscript/
There are two ways you can set safety levels for your downloadable components. The easiest way is to use the Package and Deployment Wizard to mark your .cab files as safe. The other option is to use the IObjectSafety interface to tell the client machine that your code is safe. IObjectSafety is an advanced coding topic that requires an understanding of the Implements interface and is intended for experienced programmers. Details are available in documentation for your development tools.
If you do not implement the IObjectSafety interface on your objects, the Package and Deployment Wizard will present you with the opportunity to set safety flags on your download package. You can select the Safe for Scripting flag, the Safe for Initialization flag, or both. For details, refer to the Internet/Intranet/Extranet Services Software Development Kit(SDK) on Microsoft's Web site
