ActiveX and the Web: The Inside Story

Am I right in believing thusly:

I am a financial analyst who's looking for the current foreign
exchange rate for various currencies every second moment. For this I
always telephone Phil de Lucre, the brokers and dealers of the forex
markets. They now have a website where I can logon and get the rate
online. Cool, I think.

I type the URL of their website, which looks like
http://www.ForexRatesOnYourTips.com/Calculator.asp, and lo! I am
greeted with a page that says, choose the currency for which you wish
to compare the rate against the Indian Rupee (INR). That makes me
happy. Then they have a textbox that says, now enter the amount in
Indian Rupees (INR) whose equivalent you wish to see in the foreign
currency. I enter Rs.100. "Good", I am thinking. Then I hit a button
captioned "Get me the darn rate and make it quick!".

[BEHIND THE SCENES]
Phil de Lucre created one ActiveX DLL called Foo that knows exactly
how to convert exchange of one currency into another. Foo proudly
resides on the web server of Phil de Lucre and brothers. Mr. Mone Flee,
the programmer at Phil de Lucre, commands in VBScript,

Dim ObjFoo
Set ObjFoo = Server.CreateObject("Lib.Foo")

And magically so, an object of the wondrous Foo is instantiated on
the web server. The web server reads requests made by my browser's
button "Get me the darn rate and make it quick!" and passes it on to
Foo in the Foo language. Foo, like it were a child's play, ardently
returns the rate converted to the web server. The web server whips
HTML out of it and displays on my page, the much coveted rate.
[/BEHIND THE SCENES]


Makes me happy. Is this all about how ActiveX DLLs work in ASP? If I
am right, let's proceed with a case of an ActiveX control. How do they
work?

Let's warp the scene a bit. Foo is not a COM DLL, but this time with
version 2, it's just got a bit smarter and dainty with a dazzling
interface. It is now reborn as an ActiveX Control, and all the people
at Phil de Lucre make love to celebrate the new avatar.

When I hit the "Get me the darn rate and make it quick!" button this
time, what happens? No no! More importantly, I believe something
happens even earlier, the moment I type
http://www.ForexRatesOnYourTips.com/Calculator.asp, right?
Message 1 of 3
(2,822 Views)

"Sathyaish" wrote in message
news:7b662036.0404130416.6a05d793@posting.google.com...
> Am I right in believing thusly:
>
> I am a financial analyst who's looking for the current foreign
> exchange rate for various currencies every second moment. For this I
> always telephone Phil de Lucre, the brokers and dealers of the forex
> markets. They now have a website where I can logon and get the rate
> online. Cool, I think.
>
> I type the URL of their website, which looks like
> http://www.ForexRatesOnYourTips.com/Calculator.asp, and lo! I am
> greeted with a page that says, choose the currency for which you wish
> to compare the rate against the Indian Rupee (INR). That makes me
> happy. Then they have a textbox that says, now enter the amount in
> Indian Rupees (INR) whose equivalent you wish to see in the foreign
> currency. I enter Rs.100. "Good", I am thinking. Then I hit a button
> captioned "Get me the darn rate and make it quick!".
>
> [BEHIND THE SCENES]
> Phil de Lucre created one ActiveX DLL called Foo that knows exactly
> how to convert exchange of one currency into another. Foo proudly
> resides on the web server of Phil de Lucre and brothers. Mr. Mone Flee,
> the programmer at Phil de Lucre, commands in VBScript,
>
> Dim ObjFoo
> Set ObjFoo = Server.CreateObject("Lib.Foo")
>
> And magically so, an object of the wondrous Foo is instantiated on
> the web server. The web server reads requests made by my browser's
> button "Get me the darn rate and make it quick!" and passes it on to
> Foo in the Foo language. Foo, like it were a child's play, ardently
> returns the rate converted to the web server. The web server whips
> HTML out of it and displays on my page, the much coveted rate.
> [/BEHIND THE SCENES]
>
>
> Makes me happy. Is this all about how ActiveX DLLs work in ASP? If I
> am right, let's proceed with a case of an ActiveX control. How do they
> work?
>

Yes, you are right! There are *some* constraints on using an ActiveX
DLL from an ASP script: all variables must be passed ByVal, and you have to
remember that the DLL runs with the access rights of the web-user account.
But apart from that, no great concerns...

> Let's warp the scene a bit. Foo is not a COM DLL, but this time with
> version 2, it's just got a bit smarter and dainty with a dazzling
> interface. It is now reborn as an ActiveX Control, and all the people
> at Phil de Lucre make love to celebrate the new avatar.

They shouldn't...
An ActiveX *Control* opens a whole new can of worms.

>
> When I hit the "Get me the darn rate and make it quick!" button this
> time, what happens? No no! More importantly, I believe something
> happens even earlier, the moment I type
> http://www.ForexRatesOnYourTips.com/Calculator.asp, right?

Right!

Because now, Mr. Mone Flee has replaced the server-side call:

Dim ObjFoo
Set ObjFoo = Server.CreateObject("Lib.Foo")

with the following:


<object
classid="clsid:28077E35-EE6F-4EFE-B274-7798CDB4CDCD"
id="theFantasticCurrencyConverter">
</object>


Which tells your browser to go into the registry to look up the
component known by the name "28077E35-EE6F-4EFE-B274-7798CDB4CDCD",
and start it. Now, all the work is done locally on your computer.

This component must of course be present on your computer, and if not,
will result in one of two things...:

If Mr. Flee has included in his object tag a hint to where the component
can be found, a download and installation will occur...

...if not, the expected glorious interface will be replaced with a tiny
little picture of a red "X".

The "can of worms" part lies in that if you download this component,
you place the life and sanity of your computer in the hands of Mr. Flee.
Because when his component is installed on your PC to do its job, it's
given the full run of whatever code can do on a computer.

--
Dag.
Message 2 of 3
(2,752 Views)
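
An added example, not part of the original thread: a small auditor that scans page markup for client-side `<object classid="clsid:...">` tags and reports which of the two outcomes described in the reply above applies (already-registered component only, or download and install from a location hint). The sample page, the `converterWithHint` id, the `downloads.example.invalid` URL and the outcome labels are constructed for illustration; treating the `codebase` attribute as the "hint" and flagging `http://` hints are assumptions of this example.

```python
from html.parser import HTMLParser

class ObjectTagAuditor(HTMLParser):
    """Collect every <object> tag that names a COM class through classid."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        classid = a.get("classid", "")
        if not classid.lower().startswith("clsid:"):
            return  # ordinary embedded content, no COM class involved
        codebase = a.get("codebase", "")
        if not codebase:
            # No hint: works only if the class is already registered locally.
            outcome = "registered-only"
        elif codebase.lower().startswith("http://"):
            # Hint present and fetched without transport protection.
            outcome = "download-over-cleartext"
        else:
            # Hint present: the browser may fetch and install native code.
            outcome = "download-and-install"
        self.findings.append({
            "id": a.get("id", ""),
            "clsid": classid[6:].strip("{}").upper(),
            "codebase": codebase,
            "outcome": outcome,
        })

def audit(html):
    """Return one finding per client-side COM instantiation in the markup."""
    parser = ObjectTagAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: the tag from the thread, a variant with a hint,
# and an unrelated <object> that must not be reported.
SAMPLE_PAGE = """
<object classid="clsid:28077E35-EE6F-4EFE-B274-7798CDB4CDCD"
        id="theFantasticCurrencyConverter"></object>
<object classid="CLSID:28077E35-EE6F-4EFE-B274-7798CDB4CDCD" id="converterWithHint"
        codebase="http://downloads.example.invalid/foo.cab#version=2,0,0,0"></object>
<object data="chart.svg" type="image/svg+xml"></object>
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_PAGE):
        print(f["id"], f["clsid"], f["outcome"])
```
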
> Am I right in believing thusly:
>
> I am a financial analyst who's looking for the current foreign
> exchange rate for various currencies every second moment. For this I
> always telephone Phil de Lucre, the brokers and dealers of the forex
> markets. They now have a website where I can logon and get the rate
> online. Cool, I think.
>
> I type the URL of their website, which looks like
> http://www.ForexRatesOnYourTips.com/Calculator.asp, and lo! I am
> greeted with a page that says, choose the currency for which you wish
> to compare the rate against the Indian Rupee (INR). That makes me
> happy. Then they have a textbox that says, now enter the amount in
> Indian Rupees (INR) whose equivalent you wish to see in the foreign
> currency. I enter Rs.100. "Good", I am thinking. Then I hit a button
> captioned "Get me the darn rate and make it quick!".
>
> [BEHIND THE SCENES]
> Phil de Lucre created one ActiveX DLL called Foo that knows exactly
> how to convert exchange of one currency into another. Foo proudly
> resides on the web server of Phil de Lucre and brothers. Mr. Mone Flee,
> the programmer at Phil de Lucre, commands in VBScript,
>
> Dim ObjFoo
> Set ObjFoo = Server.CreateObject("Lib.Foo")
>
> And magically so, an object of the wondrous Foo is instantiated on
> the web server. The web server reads requests made by my browser's
> button "Get me the darn rate and make it quick!" and passes it on to
> Foo in the Foo language. Foo, like it were a child's play, ardently
> returns the rate converted to the web server. The web server whips
> HTML out of it and displays on my page, the much coveted rate.
> [/BEHIND THE SCENES]
>
>
> Makes me happy. Is this all about how ActiveX DLLs work in ASP? If I
> am right, let's proceed with a case of an ActiveX control. How do they
> work?
>
> Let's warp the scene a bit. Foo is not a COM DLL, but this time with
> version 2, it's just got a bit smarter and dainty with a dazzling
> interface. It is now reborn as an ActiveX Control, and all the people
> at Phil de Lucre make love to celebrate the new avatar.
>
> When I hit the "Get me the darn rate and make it quick!" button this
> time, what happens? No no! More importantly, I believe something
> happens even earlier, the moment I type
> http://www.ForexRatesOnYourTips.com/Calculator.asp, right?


Phil paid an arm and a leg to get his OCX "signed" because
you now need to download it in order for it to run. But this time
it will only work if you're using Internet Explorer and your security
is low enough to accept his signed ActiveX control. But it didn't
work because by using IE with medium security you've already
been victimized by a credit card spoof URL, so now you're broke
and don't care about exchange rates.

So Phil and his friends declared a very official 30-day war on
security problems, spending the usual 1/2 billion dollars on research
and marketing to kick it off, and they lived happily ever after.
Message 3 of 3
(2,752 Views)