问题
We're developing a site that will only run on the intranet, and computers with access to this intranet will have this executable installed. We can't have any "Would you like to open [filename].exe?" prompts. Click a link and the program begins running.
I realize that giving websites the ability to run executables on the client machine is very, very bad, but management refuses to budge on this.
Machines will have Windows (XP or up) with Firefox 3.
回答1:
We're developing a site that will only run on the intranet, and computers with access to this intranet will have this executable installed.
Does this mean the EXE is already installed on the desktop? You just want to launch it from the website?
If so, you can associate the EXE with a MIME Content Type and when the user clicks it, it will launch.
Pick a Content Type and a file extension, for your EXE name, for instance:
CauseChaos.exe Associated with .chaos file extenstion Content Type will be: application/chaos
Associate the file extension with your EXE via the EXE install. I show it here, using InnoSetup
[Registry]
Root: HKCR; Subkey: .chaos; ValueType: string; ValueData: CauseChaos; Flags: uninsdeletekey
Root: HKCR; Subkey: CauseChaos; ValueType: string; ValueData: CauseChaos Tool; Flags: uninsdeletekey
Root: HKCR; Subkey: CauseChaos\DefaultIcon; ValueType: string; ValueData: {app}\CauseChaos.exe,0; Flags: uninsdeletekey
Root: HKCR; Subkey: CauseChaos\shell\open\command; ValueType: string; ValueData: "{app}\CauseChaos.exe ""%1"""; Flags: uninsdeletekeyAssociate the MIME content type with the file extension, through the EXE install.
[Registry] (continued...)
Root: HKCR; Subkey: HKCR\Mime\Database\Content Type\application/chaos; ValueType: string; ValueName: Extension; ValueData: .chaos; Flags: uninsdeletevalue回答2:
Been there done that. MIME types (accepted answer at the moment I add this) requires a lot of configuring on client and server.This is quite a bit of work, and you end up with temporary files etc.
Our solution was to add our own "Custom URL Protocol Handler". Basically, add URL type x-our-intranet and make your corporate app the URL handler for it. Now any link will start your corporate app, passing "x-our-intrenet:foo" as a command-line argument. All it takes is a client-side registry entry, similar to the MIME types.
回答3:
Try this JavaScript:
function executeCommands(inputparms)
{
// Instantiate the Shell object and invoke its execute method.
var oShell = new ActiveXObject("Shell.Application");
var commandtoRun = "c:\windows\Notepad.exe";
// Invoke the execute method.
oShell.ShellExecute(commandtoRun, commandParms, "", "open", "1");
}
You will have to set the browser security settings accordingly, and this would work only in IE.
回答4:
The only way I could possibly imagine this working is through some sort of ActiveX control which would run your executable, but I don't know how feasible that is with Firefox.
This should be one of those things where -you- should be refusing to budge on it, not management.
回答5:
I recommend you take a look at Adobe Flex / Air, it is designed with this model in mind and the inherent security barn door that it opens.
回答6:
I agree with the rest, I'm pretty sure you can't do this anymore (and especially in Firefox). This is how many of the spyware/adware programs got installed back in the day. You will have to take a stand and just tell management that its impossible.
回答7:
An active X control is the easiest way. There is a plugin for firefox that allows you to host active X controls. Or you could just write an NS Plugin to handle this.
回答8:
This is an old article about web deployment of executables. I know this is possible using Internet Explorer (because of our fragmented development team we still have to support some of this). I don't know about the firefox implications.
回答9:
Using a "file:///c:/Program Files/myprogs/myprog.exe" URL in the link used to work for IE. But, I have not tried this in a long time.
I would recommend the MIME type method above or adding a special URI prefix "chaos://myparams" that is handled by that executable.
回答10:
I understand completely what you are wanting. All I read on the internet is people mentioning this is a big security breach etc... However, I dont guess they understand why you would want this implemented and I will explain why I need this and am working on a solution to this problem and am getting very close.
I have many different user applications, ex. Call Center, etc... I am currently working on a lockdown desktop that runs in Kiosk mode. All the user will see is a blue screen with some computer information and an IE icon. My goal is to run the Microsoft Office, and some internal Client/Server apps from this page. It works perfectly fine as everything is still there just my users cannot see it. However, I'm having the same issues as you. My network is very secure utilizing MPLS, internal and external managed Routers, Firewalls/ASA's, and plenty of security professionals. Plus, this is strictly INTERNAL only. So, in my opinion its perfectly ok. So, if I come up with some sort of workaround solution for this I will post it.
来源:https://stackoverflow.com/questions/467004/launching-an-executable-from-a-website