We have a legacy software package made for native Windows. I'm writing a system to automate installing updates. One of the options is for the client to visit a web page, and from that web page, check for updates to their installation. There are two ways of identifying the software version: either reading a particular EXE file and looking at its file version, or reading the registry for our software (actually the third way is reading from their SQL Server database but that's obviously out of the question). Either of these methods would work, but I have no idea how to do it from javascript in a browser.
I'm sure there is some security, but I have seen other systems do this, so I'm sure it's possible. In general, the web page can check the client's computer for existence of certain software, and if it exists, check for the version. How can I do this from Javascript?
In MaVRoSCy's comment above: "only in IE this is possible with some ActiveX help, except if you run a dedicated local server just to serve this functionality". This actually fits perfectly, because each client computer already has a Windows Service running in the background at all times.
A simple HTTP server can be added into this client service listening on a universal non-common port number such as 16580. This HTTP server can handle requests like /currentversion which returns the current application version.
The javascript on the web page (hosted elsewhere but viewed on that client's browser) calls http://127.0.0.1:16580/currentversion to obtain the latest version.
One of the options is for the client to visit a web page, and from that web page, check for updates to their installation
Bad idea and wrong methodology
Checker|Updater have to be embedded into app
Checker have to (on start|on demand|whatever)
identify build of local app (any usable way)
Get && parse external permanent URL with data of Latest Existing Build (at least version and URL of Build)
Inform, if needed, about new version and|or download|update core, if requested by user|configuration
Related
I do not want to allow Web Debuggers such as Charles Proxy, Fiddler, Wireshark, etc while using my Node JS application. I'm not fully sure what's the best way to do this. Is there a way to detect when a new program is launched in node, and then check if it's a web debugger?
I just don't want people intercepting requests sent from the node app.
I have tried getting all running processes on user's computer, and if any are a web debuggers, close my app, but this requires checking the running processes every couple seconds.
There is no effective way for you to do this. There are more debugging tools than you could imagine to check for, and there are ways that they could be hidden beyond your ability to detect (like running them on another computer, or running your application inside a virtual machine). Besides, your application is written in an interpreted language -- any user savvy enough to use a debugging tool could just as easily open up your application and remove the code that was supposed to disable their tools.
You haven't gone into much detail about why you're trying to do this, but the fact that you're asking is a sign that your application may be structured incorrectly. If your application is communicating with a server, any access controls (e.g. on what information the client has access to, or on what operations it can perform) should be implemented on the server -- the fact that the client can "see" what is going to and from the server should not compromise the security of your system.
That is impossible! Browser is a software, just like Charles Proxy, Fiddler, Wireshark, etc ...
I need your help regarding node.js. I just finished a course and I want to run my code on a web hosting.
The problem is, that when I upload it per ftp, I won't see it as website (even though it has html tags in it) but as code. Is it because the web hosting isn't compatible with node.js? Or is there anything I should do beside requiring express?
Is there anything I should install or do?
The code works totally fine if I go through localhost.
Thank you a lot in advance!
TheGabornator
Is it because the web hosting isn't compatible with node.js?
Yes.
Is there anything I should install or do?
If your only access to the host is via FTP or some web based UI, then you almost certainly need to change host. You're unlikely to have a host which lets you run Node.JS applications unless they offer you full shell access.
You need either a host which explicitly supports Node.JS or one which gives you full shell access and allows you to install software (such as a virtual machine or dedicated server).
In our web application, we using a Java applet to invoke MS.Word application by jacob jar e.g. Word to open, edit, and when it saves automatically it uploaded to the server.
Google Chrome will no longer support NPAPI, so soon we can not run our applet in Chrome anymore.
So, any suggestions for an alternative for the Java applet. We want to make the same experience for the user, just like before.
We have the same problem. With Webstart is not longer possible to do that communication. We are going to use Websockets between webstart application and browser. Our first attempt is to start a websockets server in the webstart and make browser connect to localhosts. If this is not possible for security limitations in the browsers then we are going to do it through the webserver, browser and webstart application connecting to the webserver and exchanging messages.
I can see 2 distinct possibilities.
Create a standalone application that "wraps" your web application using a technology such as electron. You can then do your browser to desktop integration as you like. This will require an install on the client.
Launch a webstart application (or it could really be any installation that happens on the client). It will need to start a webserver, or connect to a webserver and communicate via http.
I'm saddened by the loss of the Applet. It is a technology not easily replaced. And another methods seem somewhat like 'workarounds'. There is no easy, cross-browser way to break out of the browser sandbox and access the system.
For myself, the loss of the Applet has simply meant that automating some of these processes has become too difficult and it is just better to find an alternative way of achieving a similar end result.
A small note: If you are starting a local webserver, be mindful of security. It can be accessed by other processes on the system. Wouldn't it be fun to open word on anyone's system by sending a request to a port!
I need a database storage system for Javascript where the state can be maintained on the local disk.
Here comes the spanners in the works :-
It only needs to support Internet Explorer but the minimum version must be IE6
Files need to be written so they can be read in again later (upon closing and re-opening of browser)
There can be no web server (unless it's extremely easy to distribute and does not require a install) since the HTML pages will be distributed on USB.
Does anyone know of any solutions that might help here?
Have fun playing with userData. Apparently it does what you want in IE6/7
Then localStorage for IE8/9
Or you can use the heavier store.js which does the feature detection for you and apparently works in IE6+.
It should work in IE9 but no garantuees. I would recommend store.js as it's easier for maintenance and just works out of the box. You can also support other browsers that way.
I don't know if it's supported in IE6, but JScript appears to have some level of support for this through FileSystemObject.
var fso = new ActiveXObject("Scripting.FileSystemObject");
var a = fso.CreateTextFile("c:\\testfile.txt", true);
a.WriteLine("This is a test.");
a.Close();
According to Write binary data with FileSystemObject write(), ADODB.Stream appears to be an alternative.
For strictly local IE work use HTA Applications. Then you can access local resources (text files, ADO databases) without security problems.
try to read this post: Read/write to file using jQuery
Hope this helps.
I would suggest that you not try to read/write using JavaScript but instead head down the road of embedding a small web server on the USB drive. I did this for an app once and it worked out well. I used the Cassini web server.
I created two projects in visual studio. First, I created an ASP.Net web site to read/write from an SQLite database. This site displayed all my content and was built just like any other ASP.Net site. Second, I created a Windows Forms application that hosted the Cassini web server and presented the user with a form that contained a single web browser control. This made the user experience very simple ... they just clicked MYAPP.EXE from the root of the USB drive and the form opens, starts the web server, and navigates the browser control to the start page of the web site.
Let's say I've got a website that works better if a client has installed and logged into a desktop application. I'd like to be able to do 2 things:
Alter the website if they haven't installed the app (to make it easy for them to find a link to the installer)
If they've installed the app on a couple of machines, determine which machine they are browsing from
I'd like something that works on Windows and OSX, on any of the major browsers. Linux is a bonus.
A few thoughts:
Websites can detect if you've got Flash installed. How does that work and could it be used for both of my goals?
Could I just let the client serve HTTP on localhost and do some javascript requests to fetch a local ID? I know google desktop search did something like this at one point. Is this a standard practice?
Thanks!
You can register a protocol from your desktop application (see this). This can be used, for example, to open your desktop application with arbitrary data from the website. You could then have your desktop app send a HTTP request to your webserver, telling it what machine you are on.
You can have a browser plugin (activex for IE or Netscape plugin for the rest of the browsers) that can communicate with the application. When the webpage is loaded, it can try to instantiate the plugin and if it succeeded, it can use it as a proxy to the application. If it fails, then either the app is not installed or the plugin was explictly disabled by the user. Either way, your website should degrade its functionality accordingly.
Update: Forgot to answer your questions:
Flash does it exactly this way. Flash is a browser plugin that is created by the web pages.
You can have a machine ID generated at the application/plugin install time and your plugin can pass that machine ID to the webpage when it is created.
On the topic of using local webserver:
I would stay away from having a local webserver, mainly because of security considerations. It takes quite a lot of work to make sure your local webserver is locked down sufficiently and there are no XSS vulnerabilities that other malicious websites can exploit to make it do stuff on their behalf.
Plus, having a webserver means that either it has to run as a system-wide process, or if it runs as the user, you can have the website interact with only one user's instance of the application, even though multiple users can be logged on and running it at the same time.
Google Desktop Search suffered from both the XSS security vulnerability (though they fixed it) and the limitation of only one user being able to use it on a machine (I don't know if they fixed this one yet, though chances are they did).
Websites can detect if you've got Flash installed.
Actually, I believe a browser can detect if you have the Flash plugin for the browser installed, and webpages can offer "installed" and "uninstalled" option that the browser can choose.
Otherwise, you are asking for a means, by putting some code in a webpage, of being able to analyze a user's home computer, and report what it learned to you website.
Can you say Major Security Hole?
If you can pick a development environment for the desktop app, then check out AIR from Adobe. It lets you develop desktop applications using either html/javascript, Flash, or Flex.
It has API calls you can use from a browser based flash app to see if the desktop based AIR app is installed, what version, etc. You can even launch it and pass parameters from the web app to the desktop app.
http://www.rogue-development.com/blog2/2008/03/interacting-with-an-air-app-from-a-browser-based-app/
Websites can detect if you've got Flash installed. How does that work and could it be used for both of my goals?
it's quite a bit simple, your browser tries to render some additional files, with some specific formats such as flash .swf and I the browser doesn't find installation, then will be start downloading, or you will get the option to download that program.
Flash also uses AC_RunActiveContent.js please take a look at this js, people usually put this on their webpages
if (AC_FL_RunContent == 0) {
alert("This page requires AC_RunActiveContent.js.");
} else {
AC_FL_RunContent( 'codebase','http://download.macromedia.com/pub/shockwave cabs/flash swflash.cab#version=8,0,0,0','width','981','height','635','id','build5','align','middle','src','build5','quality','high','bgcolor','#ffffff','name','build5','allowscriptaccess','sameDomain','allowfullscreen','false','pluginspage','http://www.macromedia.com/go/getflashplayer','movie','build5' ); //end AC code
}