> > >Right now you'd end up with a screenful of
> > >dialog boxes on the server console.
> > I am looking at making some changes to remove these message boxes for
> > ASP use (see my other message re compiling SwishCtl).
> It could use better error handling for sure.
Yes - as a non-UI ActiveX control it should probably _never_ pop up a dialog
- but I used dialogs extensively for debugging and never got rid of them
There's a more insidious problem that if the swish-e library returns an
the ActiveX functions return an error value - the error value is given to
the ActiveX subsystem
rather than to the calling program this almost always causes IE to crash.
I think maybe SwishCtl should never return an error value to the ActiveX
but rather just use the swish-e error function (getlasterror() ?).
I would have done this in SwishCtl if I'd understood earlier the nature
(severity) of ActiveX errors.
> > I would also like to be able to select a specific index file to use.
> > While this may be unsafe when used on the client side it should be
> > safe when used in an ASP script.
Since building my first SwishCtl database - I've found at least two more
applications for it - so I did make modifications to do this...
> With all that rambling in mind... What I've been pondering is to create
> a registry key for each directory where you would store index files.
> (i.e. multiple IndexLocation entries). (Greg has implemented something
> like this but I've probably not added his patch yet.)
My modifications enabled multiple Indexes to work but there is still a
less pressing problem. Which is that if I have multiple databases they
all have to have the same version of index files!
Currently the setup program will overwrite an older SwishCtl.dll
with a more recent one. So if you have 2 CDs containing SwishCtl
databases with different versions you have to uninstall the new one before
you can use the old one....
I haven't checked whether the swish-e library has a way of checking the
version of the index files - but SwishCtl should probably do this!
>In a hosting
> environment this could be used to provide each user with their own
> SWISH-E index directory in their home directory (perhaps outside the web
> tree). The registry entry might be their username (and only an admin
> can add entries since it's in HKLM). Now, let's say we make IndexFiles
> a list of filenames instead of a registry key. We set forth some simple
> index file naming rules and reject with a fatal error an IndexFiles
> argument which violates the rules. Init might be called like this
> Init("myusername", "docs test etc"). The rules might only allow A-Z and
> maybe a single '.' in the index file names. So, now we can specify the
> filenames within the script but they aren't arbitrary since they are
> restricted to a single directory (and our restrictive filename rules
> prevent .., ..., / type attacks).
I don't think there's much of a problem for ASPs - what the current
registry settings do is that they mean you have to have write access to
the registry to be able to add a new index/database.
There may be an issue if you want multiple we-based users to have their
own personal databases - potentially a user could access the index of
someone elses database... but if this kind of security isn't necessary
then (my) current system will work fine.
The main ActiveX issue as I see it is that as the control is scriptable -
any page you visit on the Internet could contain a reference to it -
they could then try an exploit against your computer by specifying
an index that causes your system to crash or to provide information back to
the attacker - the current code should protect against this adequately...
> As I said, I know almost nothing about ActiveX and you may well have
> some way around all that.
> David Norris
> ICQ - 412039
Received on Sun Aug 31 03:15:07 2003