Skip to main content.
home | support | download

Back to List Archive

Re: Swish on Windows

From: Greg Ford <greg(at)not-real.reddfish.co.nz>
Date: Sun Aug 31 2003 - 15:58:32 GMT
Hi all (actually only Swish-e developers should read any further)

> On Sat, 2003-08-30 at 22:10, Greg Ford wrote:
> > I think maybe SwishCtl should never return an error value to the ActiveX
> > subsystem but rather just use the swish-e error function (getlasterror()
?).
>...

I think maybe I've just been too lazy. I've taken another look at the code
and
see:
A)  Only two of the ActiveX functions contain MessageBoxes - they can be
removed
easily.

B) Quite a few of the functions return E_FAIL to the ActiveX subsystem
(as I mentioned before this crashes Internet Explorer). Changing all of
these to S_OK would fix this problem - but then SwishCtl would fail to
report some errors at all.

C) The code is relies on an Interface Description (IDL) compiler to publish
the
ActiveX interface - this allows me to specify a return value (by specifying
[out, retval] )
for the functions - but I haven't always done this - particularly for Init()
which should probably pass out the swish-e error code (as retval).

D) In most cases when I'm returning E_FAIL - I should be passing out a
retval of
INVALID_SWISH_HANDLE, in most of the remaining cases - I should pass out
the swish-e error code.
So
  - the enumeration which lists the error codes (in error.h) probably  needs
    to be copied into swish-e.h(?) because (as I understand it) swish-e
    library-users should only #include swish-e.h

> David wrote:
> Could/should the UUID of the new control be changed if the index format
> changes?  Or would the DLL filenames conflict?

The GUID would need to change I think. The ActiveX/OLE system enables
you to define
SwishCtl.CSwishCtl.1
SwishCtl.CSwishCtl.2
etc.
I think I eventually settled on installing the DLLs into the system
directory
(to avoid having ActiveX controls registered on the CD drive!) That means
the
DLL names would need to change for each version SwishCtlX.dll.
Also you've got to watch out - because of
DLL hell - if an older version of a DLL is already loaded (in RAM) and you
run a program
which needs a new version  - Windows reuses the old one and your new
program will crash - I'm not sure if this applies to ActiveX because ActiveX
controls
are loaded by GUID.

> There's a magic number to tell SWISH-E the index is the wrong version.

How do I retrieve that number from the library?

> > I don't think there's much of a problem for ASPs - what the current
> > registry settings do is that they mean you have to have write access to
> > the registry to be able to add a new index/database.
>
> The current method does well to prevent it.  But, modifying the HKLM
> registry to add new indices would be inconvenient on a shared host.  Of
> course, changing the control to allow files to be specified by the
> script could be dangerous.  Splitting the privileges seems like the best
> compromise.   Let the user specify filenames (with well defined
> restrictions) and let admins specify directories.  One person could read
> another's index, but, I think that should be an assumed risk on a shared
> web host.

The patch I sent to David used a pair of registry keys for each database.
One has a user defined [name] specifying the directory containing the
index files the other called [name]_Index gives the (list of ) index file
names
which is passed to the swish-e library.

This was a quick fix avoiding two smallish bits of work

1) adding a second parameter to the Init function to specify the index files
and
directory separately (remembering to update the IDL).

2) writing a function to check the filename for potential hacks ( leading
backslashes,
drive specifications or ..\..\.. stuff - probably we should just reject any
string
containing slashes, colons or  backslashes ?

I guess I'll have to add some extra parameters to handle error handling so
(A)
could happen as part of that work.

Greg Ford
Received on Sun Aug 31 15:58:48 2003