activeX under Linux

Anon

There's way to use activeX under Linux ?

Thanks!

rfrid

No, you'd need to use CORBA. Active-X is a Microsoft only implementation of COM.

parena

Using ActiveX is a security risk, anyway... 🙂 So why bother?

Anon

Using Corba can I access to a function of a DLL ?
What I wish is to use a DLL.
The DLL is in a NT, and I am programming in a Linux.

What do you think?
Thanks

Anon

Nope. Linux has .so files, windows has .dll's I've heard of people using WINE to make dlls work, but I wouldn't try it. The only sure way is to get the source and port to Linux, unfortunatly.

rfrid

Actually, Active-X is a technology that is really a wrapper for RPC. Active-X is used on both server and client. A large majority of the DLLS that make up Windows, NT, and 2K are actually Active-X controls. That's why you can access type libraries and integrate them into your applications.

Client-side Active-X can be encapulated into an Active-X container (IE is one such container). As with any native code it has the full power of the language that creates it, so, yes, if you allow the security setting in your browser to accept Active-X controls, and you agree to install them when they present themselves, then the code can present a risk.

Typically you would only allow "signed" active-x controls to install anyway.

You can do just as much damage with JavaScript and nobody even bothers to discuss that becuase it is such an essential tool for cross-browser applications. Active-X really go a bad name only becuase it is Microsoft Specific and only back when NetScrape was still a contender. With Microsoft owning about 90% of the global browser market now it is much less an issue.

There is also a huge bonus to Active-X in that you can compile your code and hide almost every bit of your client-side code as well as take advantage of all the power of a true programming language on the client.

How this helps.

PARENA wrote:

Using ActiveX is a security risk, anyway... 🙂 So why bother?

Anon

ACtive X belongs on the Intranet, not the Internet.
Whatever may be true about Active-X and security, the fact remains that unless issued from somebody like microsoft.com, nobody will touch an activeX component on the internet in most cases...there are too many stories like this:
http://www.wired.com/news/technology/0,1282,48105,00.html
floating around major news sites for anybody to trust microsoft themselves, let alone your smaller companies site when it utiliizes technology that could compomise their security.

Don\\\\'t get me wrong, active X is awesome for internal company functionality...And can be deployed on the net, so long as the site in no way depends on them. If you build a INTERNET site that depends on it, you have created something that 10% of people can\\\\'t use and another 30% won\\\\'t use. No real site accepts this kind of loss, including Microsoft public sites. MSN.com for instance, is completly W3C standards compliant. If microsoft\\\\'s public sites don\\\\'t depend on ActiveX in any way, that\\\\'s a pretty good sign that you shouldn\\\\'t either.

rfrid

The point I was trying to get across was that Active-X is primarily a server-side technology.

You state: "If Microsoft’s public sites don't depend on ActiveX in any way, that's a pretty good sign that you shouldn't either."

Actually, Microsoft's site is almost 100% Active-X "SERVER-SIDE". Few people use Active-X client-side because the client would need to reset their security setting to allow Active-X to install (and this is unacceptable).

You also state:” If you build a INTERNET site that depends on it, you have created something that 10% of people can't use and another 30% won't use.

On this point, Microsoft's IE browser now has over 90% market share. Therefore, if people were willing to alter their security settings the Active-X could participate in 90% of the global Internet market.

There is an extremely unreasonable level of fear of Active-X out there (especially amongst programmers). It's just code guys. You write JavaScript don't you? You can blow away your entire machine with JavaScript. Why aren't you afraid of that? You don't even have to identify yourself before JavaScript code runs. At least with Active-X there is a well thought out facility to require the signing of Active-X controls which identifies the party responsible for writing the code as they have had to produce evidence of their existence and legitimacy to organizations like Verisign before they could receive a certificate.

I am not trying to recommend development in Client-Side Active-X one way or another, I'm simply trying to pop that fear balloon that hovers over developer’s heads. Other than Java Applets (even there you can get out of the sandbox if you want) there is no code that is safe. Active-X is a powerful technology available for client-side coding and should not be discounted for any reason.

I've developed numerous commercial sites that have deployed client-side Active-X and if the customer (Internet) really wants the service, they'll install the control. If you're just building a standard information site than this is not the technology you should be using anyway because there is little additional functionality or secret code you need to hide just displaying documents. Every technology has its place to serve certain functionality, not client location (Intranet vs Internet).

As for using Active-X server-side, if you ever expect to build a transactional system on Microsoft technology you'll never do it without Active-X because that's what COM+ is all about.

Cheers, Randy

rfrid

Luke is correct I'm afraid. Corba and COM are competing technologies and incompatible.

There is only one thing you can do that I can think of. Run Linux and Win2k/NT on different boxes (of course) and call web pages on each box to perform different chores. That's the easy way. THe more difficult way is to utilize XML and SOAP to pass XML messages to the remote COM components on the Win2K/NT box. It woeks just like calling any COM interface except the interface is exposed as XML and can be interpreted as such. This is a significant part of the .NET initiative.

DLL's though, are natively compiled to the WIN32API and therefore useless on Linux.

Cheers, Randy

Anon

I just thought I'd note also that if you get into making Win and Linux work together through .NET, you may want to check out the Linux implementation of .NET its right here:
http://www.go-mono.com/
its still in its formative phases, but its a good one to watch (C# for linux!!! woo hoo!)

nullseraph

rfrid, you have a very calm and even approach to ActiveX which is pretty surprising for a programmer. However, I think your analysis is a little flawed.

Yes, Javascript could easily destroy your computer, however browser parsed Javascript is very sandboxed. Yes there have been flaws in the sandboxing, but this is a far better approach than ...

ActiveX which is not sandboxed at all. Users are asked to accept a control, mind you they are given no idea of what system privileges this control will access, and then they are free to use their IE compliant websites carefree.

Yes both are powerful technologies that can be manipulated for evil, however one is far easier to manipulate. Microsoft in its endless search to make technology more "user-friendly" seems to turn a blind-eye to security considerations. I'll give you a list ...

Active Desktop
Autoplay
URL linking in ASFs
Ports open by default (NetSend in particular)
and yes ActiveX

MarkR

If you're trying to run it client-side, you could run MSIE under Wine, but don't expect it to work in 100% of cases (This is definitely a very bad idea though).

If you're trying to do it server side, you could use Wine and write a custom ActiveX host application and/or scripting.

But any way you do it is going to be messy and unreliable (Note: how is this different from Windows?)

Mark