[sclug] Local execution form web app

Tim Sutton tim at linfiniti.com
Mon Jun 7 09:06:08 UTC 2010


Hi

On Mon, Jun 7, 2010 at 10:58 AM, Neil Haughton
<haughtonomous at googlemail.com> wrote:
> I apologise if this is off-topic-ish, but I would like a general opinion.
>
> I am currently working with a web application that is being developed for
> sale to customers ranging from small companies to corporates. The general
> public will not have access. One of the requirements is to be able to
> execute an arbitrary local executable from within the web app. 'Arbitrary'
> in the sense that the actual choice of executable can be configured by the
> user, the idea that a customer can configure the app to launch some local
> process as part of some action he has taken within the application. The
> configuration can be locked down by the user (eg customer sysadmin) and for
> the most part will be used on an intranet.
>
> A typical use case is to configure the web app to download a text file (say
> some auto-generated report) from the web server and open it in a local text
> editor - but there are no limits on what the local application could ?be.
>

I thought that an integral part of browser design was to prevent the
arbitrary execution of local apps from within the browser context? I
think you can do it using evil microsoft activex technologies but not
from a standard javascript / applet context....or am I wrong?

Regards

Tim


> My instincts are that this will meet with resistance from sysadmins,
> corporates in particular, for security reasons, but then again logic tells
> me that on an intranet and given the ability to lock down the configuration
> so local users cannot tinker with it, this isn't a security issue in the
> first place.
>
> Are there any 'sysadmins' out there who can give me their views on whether I
> am seeing a problem where one doesn't exist, or are my instincts right?
>
> TIA
>
> Neil.
>



-- 
Tim Sutton - QGIS Project Steering Committee Member (Release  Manager)
==============================================
Visit http://linfiniti.com to find out about:
 * QGIS programming services
 * Mapserver and PostGIS based hosting plans
 * FOSS Consulting Services
Skype: timlinux Irc: timlinux on #qgis at freenode.net
==============================================



More information about the Sclug mailing list