Coffeehouse Post

Single Post Permalink

View Thread: ActiveXObject
  • User profile image

    , pavone wrote

     No other way to do what I need I'm afraid. Not the method I'd prefer of doing it either, but I'm just the junior code monkey following instructions. 

    Preferably I'd like that message turned off for my site only, an intranet site which only allows access to a few selected people. But any method to turn that message off would work, I'll leave it to the users whether they want to or not. 

    What I'm doing is, reading users' mapped drives to the actual UNC paths so I can copy files from whatever mapped path they select. 

    then please please talk to the boss about this .... point out that multiple developers are all saying this is really not a good idea, some of us have been developing for a *LONG TIME* like over 20 years and we know what we are saying. also one of the folks here who is saying this works for microsoft and knows a thing or two about web servers ....

    I know that in some places there is a trend to "do it all in a web page" as that removes the need to deploy software on desktops and they think that is the way to go... sometimes that is true but not all the time.

    one of the reasons that some folks used to bash Microsoft was they used to just let you run anything you wanted with very little to stop the user from totally f**** ing them selves.

    this is not a good idea,  if you start allowing script on a web page to have local machine access rights then you become wide open to all kinds of evil attacks .....

    if you let it enumerate drives what else can it do ? you might also then be allowing a command to format a drive or delete files or copy stuff w/o asking the user for permsssion.

    please re-think this.