demonhale — Wed, 19 Apr 2006 22:26:52 +0000

Ok to clear the air for any remarks regarding my site having to infect yours or have devious content, I can do that if I wanted to, although im running a ligitimate business and I can be sued...

Im developing an app which only uses one drop-down menu that actively changes the GUI, very simple light-weight 40kb program that I wrote... And as previously stated it can be done with ASP... it also could be done by wrapping it in a JAVA (Sun) not script functions by coding which is fairly difficult to do for just a small program...

Ok now, this discussion is not thoroughly in the net for fears of the same kind, although there is actually an exploit you can do for MS systems to run exe in the background... I dont want to use that still... I want legal and legitimate and especially easy solutions... as we discuss here, im trying to look for ways to implement this too.

So thanks so far for all the replies,

timjpriebe — Wed, 19 Apr 2006 19:12:05 +0000

Maxwell wrote: On the contrary. Assuming he's using a Windows-based machine, and "1337 H4XXOR" could DoS him by repeating this until the process locked up.

Or, I think.

You think correctly, but that still wouldn't pose a threat to your computer. It would pose a threat to his web server, a completely different animal altogether.

Greg K — Wed, 19 Apr 2006 19:10:59 +0000

[EDIT: This was supposed to be posted about 35 minutes before it was, so it is a little out of order Forgot to refresh thread before final submitting]

Macwell and dk01, it has been determined that this is something he wants to run on the server, not the visitor's computer.

I guess the next step is to answer the question of what does the program need for input (ie, command line parameters or GUI interface) and what does it give four output (visual output or just final results).

If it was jsut using command line arguments for input and just plain text output, you could probably execute it and ppe the output to a temp file and have ASP read that.

If it is a GUI with visual output, then you would need some type of web based virtual environment. I know Corel Draw for one version used a service for this for trial once. But I doubt there are many free do it yourself systems like this, mainly just services you have to pay for, and I bet quit a bit.

Perhaps get a windows system, someone to heavily lock it down from any use other than your program, and have a java based VNC type connection???

-Greg

dk01 — Wed, 19 Apr 2006 18:51:21 +0000

I don't think he is trying to do anything devious. Just something over a lan intranet probably. Are you on a Windows Domain? If so you are better off putting this program on a network share and just have your domain server create a shortcut on your user's desktop whenever they login. Running a program out of a web browser defeats the point of having a web browser.

Maxwell — Wed, 19 Apr 2006 18:26:15 +0000

timjpriebe wrote: Guys, he's wanting to run a program server-side. That's completely different from client-side. Client-side would pose a threat to your computer. Server-side, not so much.

On the contrary. Assuming he's using a Windows-based machine, and "1337 H4XXOR" could DoS him by repeating this until the process locked up.

Or, I think.

Maxwell — Wed, 19 Apr 2006 18:24:22 +0000

I've got it!

If you were to run this locally (which I'm sure your devious mind wasn't intending), you could specify a filetype to execute a program, as if it were a scripting platform! Say, an "href" to a '.dos' file, and your server would run (locally) "C:\WINDOWS\system32\cmd.exe".

I'm going to do this.

timjpriebe — Wed, 19 Apr 2006 18:24:18 +0000

Guys, he's wanting to run a program server-side. That's completely different from client-side. Client-side would pose a threat to your computer. Server-side, not so much.

If the Flash is in an HTML page, you could load an ASP page in a small, basically invisible iframe, then have that run the executable.

Does the EXE require any user input after initially launched?

dk01 — Wed, 19 Apr 2006 18:18:12 +0000

Its impossible. The only way you could do it would be to set the security to very low and even then you'd have to basically make a trojan that would run only if the user was running IE. Frankly this just isn't done. Its considered a security breach and would require some truly ugly VBS code and security settings.

Maxwell — Wed, 19 Apr 2006 16:19:52 +0000

demonhale wrote: Greg, server side absolutely, I know the concern, I just want to find a way to share an exe prog, the visitor can run serverside... thanks

This seems very suspicious to me. I don't want to visit your web site...

timjpriebe — Wed, 19 Apr 2006 12:28:28 +0000

You're wanting a program to be run server-side that's a standard EXE? It would help if we knew more about what you're trying to accomplish. What kind of output would the EXE program have?

Most likely, you will have to put an execute statement within some sort of scripting language like ASP. Why are you not wanting to do it that way?