28,406
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
ssm1226 2002-09-27
- 打赏
- 举报
只能找黑客
yonghengdizhen 2002-09-27
- 打赏
- 举报
秋水这是说的脚本安全接口..
实际上,要成为可信任的active x还必须付费给签名机构加上数字签名.
实际上,要成为可信任的active x还必须付费给签名机构加上数字签名.
qiushuiwuhen 2002-09-27
- 打赏
- 举报
和Asp无关,以前做安全标示的笔记,(VC++),共两种
Component Categories
[HKEY_CLASSES_ROOT\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
"409"="Controls that are safely scriptable"
[HKEY_CLASSES_ROOT\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
"409"="Controls safely initializable from persistent data"
Implemented Categories
[HKEY_CLASSES_ROOT\CLSID\{yourCLSID}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{yourCLSID}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
// Mark as safe for scripting—failure OK.
HRESULT hr = CreateComponentCategory(CATID_SafeForScripting, L"Controls that are safely scriptable");
if (SUCCEEDED(hr)) RegisterCLSIDInCategory(m_clsid, CATID_SafeForScripting);
// Mark as safe for data initialization.
hr = CreateComponentCategory(CATID_SafeForInitializing, L"Controls safely initializable from persistent data");
if (SUCCEEDED(hr)) RegisterCLSIDInCategory(m_clsid, CATID_SafeForInitializing);
..Ctl.h
DECLARE_INTERFACE_MAP()
BEGIN_INTERFACE_PART(MyObjSafe, IObjectSafety)
STDMETHOD_(HRESULT, GetInterfaceSafetyOptions) (
/* [in] */ REFIID riid,
/* [out] */ DWORD __RPC_FAR *pdwSupportedOptions,
/* [out] */ DWORD __RPC_FAR *pdwEnabledOptions
);
STDMETHOD_(HRESULT, SetInterfaceSafetyOptions) (
/* [in] */ REFIID riid,
/* [in] */ DWORD dwOptionSetMask,
/* [in] */ DWORD dwEnabledOptions
);
END_INTERFACE_PART(MyObjSafe);
..Ctl.cpp
BEGIN_INTERFACE_MAP( CStopLiteCtrl, COleControl )
INTERFACE_PART(CStopLiteCtrl, IID_IObjectSafety, MyObjSafe)
END_INTERFACE_MAP()
ULONG FAR EXPORT CStopLiteCtrl::XMyObjSafe::AddRef()
{
METHOD_PROLOGUE(CStopLiteCtrl, MyObjSafe)
return pThis->ExternalAddRef();
}
ULONG FAR EXPORT CStopLiteCtrl::XMyObjSafe::Release()
{
METHOD_PROLOGUE(CStopLiteCtrl, MyObjSafe)
return pThis->ExternalRelease();
}
HRESULT FAR EXPORT CStopLiteCtrl::XMyObjSafe::QueryInterface(
REFIID iid, void FAR* FAR* ppvObj)
{
METHOD_PROLOGUE(CStopLiteCtrl, MyObjSafe)
return (HRESULT)pThis->ExternalQueryInterface(&iid, ppvObj);
}
const DWORD dwSupportedBits =
INTERFACESAFE_FOR_UNTRUSTED_CALLER |
INTERFACESAFE_FOR_UNTRUSTED_DATA;
const DWORD dwNotSupportedBits = ~ dwSupportedBits;
/////////////////////////////////////////////////////////////////////////////
// CStopLiteCtrl::XMyObjSafe::GetInterfaceSafetyOptions
// Allows container to query what interfaces are safe for what. We're
// optimizing significantly by ignoring which interface the caller is
// asking for.
HRESULT STDMETHODCALLTYPE
CStopLiteCtrl::XMyObjSafe::GetInterfaceSafetyOptions(
/* [in] */ REFIID riid,
/* [out] */ DWORD __RPC_FAR *pdwSupportedOptions,
/* [out] */ DWORD __RPC_FAR *pdwEnabledOptions)
{
METHOD_PROLOGUE(CStopLiteCtrl, MyObjSafe)
HRESULT retval = ResultFromScode(S_OK);
// does interface exist?
IUnknown FAR* punkInterface;
retval = pThis->ExternalQueryInterface(&riid,
(void * *)&punkInterface);
if (retval != E_NOINTERFACE) { // interface exists
punkInterface->Release(); // release it--just checking!
}
// we support both kinds of safety and have always both set,
// regardless of interface
*pdwSupportedOptions = *pdwEnabledOptions = dwSupportedBits;
return retval; // E_NOINTERFACE if QI failed
}
/////////////////////////////////////////////////////////////////////////////
// CStopLiteCtrl::XMyObjSafe::SetInterfaceSafetyOptions
// Since we're always safe, this is a no-brainer--but we do check to make
// sure the interface requested exists and that the options we're asked to
// set exist and are set on (we don't support unsafe mode).
HRESULT STDMETHODCALLTYPE
CStopLiteCtrl::XMyObjSafe::SetInterfaceSafetyOptions(
/* [in] */ REFIID riid,
/* [in] */ DWORD dwOptionSetMask,
/* [in] */ DWORD dwEnabledOptions)
{
METHOD_PROLOGUE(CStopLiteCtrl, MyObjSafe)
// does interface exist?
IUnknown FAR* punkInterface;
pThis->ExternalQueryInterface(&riid, (void * *)&punkInterface);
if (punkInterface) { // interface exists
punkInterface->Release(); // release it--just checking!
}
else { // interface doesn't exist
return ResultFromScode(E_NOINTERFACE);
}
// can't set bits we don't support
if (dwOptionSetMask & dwNotSupportedBits) {
return ResultFromScode(E_FAIL);
}
// can't set bits we do support to zero
dwEnabledOptions &= dwSupportedBits;
// (we already know there are no extra bits in mask )
if ((dwOptionSetMask & dwEnabledOptions) !=
dwOptionSetMask) {
return ResultFromScode(E_FAIL);
}
// don't need to change anything since we're always safe
return ResultFromScode(S_OK);
}
Component Categories
[HKEY_CLASSES_ROOT\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
"409"="Controls that are safely scriptable"
[HKEY_CLASSES_ROOT\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
"409"="Controls safely initializable from persistent data"
Implemented Categories
[HKEY_CLASSES_ROOT\CLSID\{yourCLSID}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_CLASSES_ROOT\CLSID\{yourCLSID}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
// Mark as safe for scripting—failure OK.
HRESULT hr = CreateComponentCategory(CATID_SafeForScripting, L"Controls that are safely scriptable");
if (SUCCEEDED(hr)) RegisterCLSIDInCategory(m_clsid, CATID_SafeForScripting);
// Mark as safe for data initialization.
hr = CreateComponentCategory(CATID_SafeForInitializing, L"Controls safely initializable from persistent data");
if (SUCCEEDED(hr)) RegisterCLSIDInCategory(m_clsid, CATID_SafeForInitializing);
..Ctl.h
DECLARE_INTERFACE_MAP()
BEGIN_INTERFACE_PART(MyObjSafe, IObjectSafety)
STDMETHOD_(HRESULT, GetInterfaceSafetyOptions) (
/* [in] */ REFIID riid,
/* [out] */ DWORD __RPC_FAR *pdwSupportedOptions,
/* [out] */ DWORD __RPC_FAR *pdwEnabledOptions
);
STDMETHOD_(HRESULT, SetInterfaceSafetyOptions) (
/* [in] */ REFIID riid,
/* [in] */ DWORD dwOptionSetMask,
/* [in] */ DWORD dwEnabledOptions
);
END_INTERFACE_PART(MyObjSafe);
..Ctl.cpp
BEGIN_INTERFACE_MAP( CStopLiteCtrl, COleControl )
INTERFACE_PART(CStopLiteCtrl, IID_IObjectSafety, MyObjSafe)
END_INTERFACE_MAP()
ULONG FAR EXPORT CStopLiteCtrl::XMyObjSafe::AddRef()
{
METHOD_PROLOGUE(CStopLiteCtrl, MyObjSafe)
return pThis->ExternalAddRef();
}
ULONG FAR EXPORT CStopLiteCtrl::XMyObjSafe::Release()
{
METHOD_PROLOGUE(CStopLiteCtrl, MyObjSafe)
return pThis->ExternalRelease();
}
HRESULT FAR EXPORT CStopLiteCtrl::XMyObjSafe::QueryInterface(
REFIID iid, void FAR* FAR* ppvObj)
{
METHOD_PROLOGUE(CStopLiteCtrl, MyObjSafe)
return (HRESULT)pThis->ExternalQueryInterface(&iid, ppvObj);
}
const DWORD dwSupportedBits =
INTERFACESAFE_FOR_UNTRUSTED_CALLER |
INTERFACESAFE_FOR_UNTRUSTED_DATA;
const DWORD dwNotSupportedBits = ~ dwSupportedBits;
/////////////////////////////////////////////////////////////////////////////
// CStopLiteCtrl::XMyObjSafe::GetInterfaceSafetyOptions
// Allows container to query what interfaces are safe for what. We're
// optimizing significantly by ignoring which interface the caller is
// asking for.
HRESULT STDMETHODCALLTYPE
CStopLiteCtrl::XMyObjSafe::GetInterfaceSafetyOptions(
/* [in] */ REFIID riid,
/* [out] */ DWORD __RPC_FAR *pdwSupportedOptions,
/* [out] */ DWORD __RPC_FAR *pdwEnabledOptions)
{
METHOD_PROLOGUE(CStopLiteCtrl, MyObjSafe)
HRESULT retval = ResultFromScode(S_OK);
// does interface exist?
IUnknown FAR* punkInterface;
retval = pThis->ExternalQueryInterface(&riid,
(void * *)&punkInterface);
if (retval != E_NOINTERFACE) { // interface exists
punkInterface->Release(); // release it--just checking!
}
// we support both kinds of safety and have always both set,
// regardless of interface
*pdwSupportedOptions = *pdwEnabledOptions = dwSupportedBits;
return retval; // E_NOINTERFACE if QI failed
}
/////////////////////////////////////////////////////////////////////////////
// CStopLiteCtrl::XMyObjSafe::SetInterfaceSafetyOptions
// Since we're always safe, this is a no-brainer--but we do check to make
// sure the interface requested exists and that the options we're asked to
// set exist and are set on (we don't support unsafe mode).
HRESULT STDMETHODCALLTYPE
CStopLiteCtrl::XMyObjSafe::SetInterfaceSafetyOptions(
/* [in] */ REFIID riid,
/* [in] */ DWORD dwOptionSetMask,
/* [in] */ DWORD dwEnabledOptions)
{
METHOD_PROLOGUE(CStopLiteCtrl, MyObjSafe)
// does interface exist?
IUnknown FAR* punkInterface;
pThis->ExternalQueryInterface(&riid, (void * *)&punkInterface);
if (punkInterface) { // interface exists
punkInterface->Release(); // release it--just checking!
}
else { // interface doesn't exist
return ResultFromScode(E_NOINTERFACE);
}
// can't set bits we don't support
if (dwOptionSetMask & dwNotSupportedBits) {
return ResultFromScode(E_FAIL);
}
// can't set bits we do support to zero
dwEnabledOptions &= dwSupportedBits;
// (we already know there are no extra bits in mask )
if ((dwOptionSetMask & dwEnabledOptions) !=
dwOptionSetMask) {
return ResultFromScode(E_FAIL);
}
// don't need to change anything since we're always safe
return ResultFromScode(S_OK);
}
guangjian 2002-09-27
- 打赏
- 举报
刚刚做了一个,加入安全代码验证,然后签名,要给1000分,我就把内嵌代码发给你,哈哈
boywdj 2002-09-27
- 打赏
- 举报
使用数字签名(SIGNCODE.EXE)
huaxing 2002-03-12
- 打赏
- 举报
我不是想做黑客,只是想解决这个问题。
yemol_yuan 2002-03-12
- 打赏
- 举报
高手可不是黑客
ekang999 2002-03-12
- 打赏
- 举报
大家快来这礼看一下,解决一下实际问题,这们老兄问得好呀?
julyclyde 2002-03-12
- 打赏
- 举报
没有办法
如果“解决”了那岂不是服务器想黑哪个客户端都可以了?
如果“解决”了那岂不是服务器想黑哪个客户端都可以了?
huaxing 2002-03-11
- 打赏
- 举报
这个问题真的这个难吗???
ASP中的高手都跑到哪去了?????????
ASP中的高手都跑到哪去了?????????
huaxing 2002-03-11
- 打赏
- 举报
各位高手,那是否没有办法解决这个问题???
julyclyde 2002-03-10
- 打赏
- 举报
是啊。你可以删除系统文件 with FSO
huaxing 2002-03-10
- 打赏
- 举报
请问楼上的兄弟,如何删除系统文件。您说的具体一点好吗?
xingworld 2002-03-10
- 打赏
- 举报
gz
julyclyde 2002-03-10
- 打赏
- 举报
签名也白签,照样提示“是否安装”
huaxing 2002-03-09
- 打赏
- 举报
我用的是javascript的fso对象。怎么它也是不安全的对象?
huaxing 2002-03-09
- 打赏
- 举报
我是说如何用程序进行控件。
lanying 2002-03-09
- 打赏
- 举报
gz
slan 2002-03-09
- 打赏
- 举报
修改ie设置:
工具/internet选项/安全/自定义级别/
启用“没有标记为安全的activex。。。”
工具/internet选项/安全/自定义级别/
启用“没有标记为安全的activex。。。”
slan 2002-03-09
- 打赏
- 举报
是不是一运行程序就说该控件不安全?
如果是这样的话,可以修改ie的设置搞定:
工具/internet选项/安全/自定义级别/
启用“没有标记为安全activex控件允许。。。。”
如果是这样的话,可以修改ie的设置搞定:
工具/internet选项/安全/自定义级别/
启用“没有标记为安全activex控件允许。。。。”
加载更多回复(1)
