topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 6:25 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Executing a file from a link  (Read 4644 times)

nharding

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 36
    • View Profile
    • Donate to Member
Executing a file from a link
« on: January 08, 2011, 09:36 AM »
Hi,

I am writing DCDisplay, and one of the things I've added is the ability to scan your hard drive to produce a report. I have a html template that outputs the file, size, thumbnail image, any problems found, any duplicate copies, average resolution, and number of pages. I wanted the links in the report to be "live" so that you can do <a href="file:\\c:\DCDisplay\DCDisplay.exe c:\path\file.cbr">FileName</a> but this doesn't work.

Has anyone got a small webserver service that can be used with <a href="1270.0.0.1:2012:\\DCDisplay c:\path\file.cbr">, for example ,otherwise I can add it to the application, but I think it's something that could be more general (with whitelisted applications, so DCDisplay would have to be registered to run c:\DCDisplay\DCDisplay.exe for example.

Neil Harding

nharding

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 36
    • View Profile
    • Donate to Member
Re: Executing a file from a link
« Reply #1 on: January 08, 2011, 01:07 PM »
Actually thinking about it, I guess it would be possible using a java app to launch the real app, but the java security model would still cause problems.

Neil Harding

nharding

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 36
    • View Profile
    • Donate to Member
Re: Executing a file from a link
« Reply #2 on: January 09, 2011, 08:37 AM »
I've decided to embed a web browser into the application, so it can be used to control the application (selecting a link will open that archive), but I still think it would be useful to be able to start an application from within a html page.

Neil Harding

Ath

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 3,612
    • View Profile
    • Donate to Member
Re: Executing a file from a link
« Reply #3 on: January 14, 2011, 02:33 PM »
I wanted the links in the report to be "live" so that you can do <a href="file:\\c:\DCDisplay\DCDisplay.exe c:\path\file.cbr">FileName</a> but this doesn't work.

Does it help if you use forward slashes instead of backslashes? And I recall a 'file:' prefix needs a triple-slash if a local file is involved, like file:///c:/DCDisplay/DCDisplay.exe bladibla

worstje

  • Honorary Member
  • Joined in 2009
  • **
  • Posts: 588
  • The Gent with the White Hat
    • View Profile
    • Donate to Member
Re: Executing a file from a link
« Reply #4 on: January 16, 2011, 10:37 AM »
Would it be useful? Perhaps. Would it be a gigantic danger? Hell yes. That is why all sane browsers will redflag it and make the user confirm at least once they really want to do some action that falls out of the scope of the website, might be dangerous, etc.

Suppose for a moment it would work without any issues. Calling arbitrary applications just means you open up a can of worms known as scripting for attackers. Even if they can't put files on your computer to call such as batchfiles, cmd.exe can be used to execute simple things without much trouble. Powershell would be even worse.

Do not forget it is trivial for a webpage to have links click themselves or otherwise get executed.

The best way to go about it is to run either your own webclient control like you are doing atm, or to have the webpage be served by a sort of builtin webserver inside your program. That way, calling the link can just load something on this internal builtin webserver which executes the action. This is how the Visual Studio help system works.

nharding

  • Supporting Member
  • Joined in 2006
  • **
  • default avatar
  • Posts: 36
    • View Profile
    • Donate to Member
Re: Executing a file from a link
« Reply #5 on: January 16, 2011, 11:00 AM »
I know there are problems, which is why I was thinking of server where you could mark programs as safe for remote execution (there are Safe for Scripting activeX objects for example). I just wanted to be able to add an application as safe for scripting. That is why the syntax would be something like "DCDisplay cmd line"  which would search internal list for DCDisplay and call that executable.

That is why I've gone for an internal implementation, and wrote I intercept links, if the link is .html it loads it it and displays otherwise it loads the file and displays it in the main window.

Neil