JAG
Thu Jul 13 13:11:50 CDT 2006
Thanks for enlightening me on the MSI concept, despite not having
enough information to provide what you may deem to be inaccurate
information. However, I believe MSI is going to work for me and I
appreciate you going out on a limb.
I will be exploring the MSI concept further and visiting the link you
provided.
Again, I have learned a great deal and thanks for your patience.
mayayana wrote:
> > Do you have any thoughts on storing user-entered data in text format?
>
> I don't really understand what you're doing, I don't
> know your security needs, and I'm not familiar with Excel,
> so I don't know what to tell you on that. I often just use
> simple INI files, which are really a text-based Registry.
> I suppose that if you wanted to protect that from casual
> prying eyes you could do something like converting
> the text to ASCII numbers, or add a few numbers to
> each character. (Example: "File" is 70-105-108-101
> in ASCII. If you added 65 to all of those you'd
> have incomprehensible characters that could be easily
> converted back. Or even just add 1 to get "Gjmf".)
>
> MSI is also an interesting tool. From Microsoft's
> point of view it's "unsupported" for any usage other
> than as Windows Installer software installation files.
> (Personally I'd never use MSI for *that*. :) But MSI
> files are basically just SQL databases - free and
> installed on virtually all Windows systems. (If you
> stick to v. 2 then it can be used on all Windows versions
> back to Win95. MSI v. 3 is not really different, from
> what I can see, but it only runs on XP.)
>
> The WindowsInstaller.Installer object (msiexec.exe)
> is basically a script-accessible SQL engine. So
> with MSI you have a free, VBS-friendly, SQL database
> that's pre-installed nearly everywhere. You can take
> a blank MSI file, create your own tables, and tie that
> into your webpage functionality.
>
> If any of that sounds interesting, see here for a sample
> and an MSI class:
>
http://www.jsware.net/jsware/msicode.php3
>
> The zip code utility is a sample of using an MSI to
> store text data behind a webpage interface. It uses
> an MSI file to store and retrieve US zip codes. The
> MSI has about 43,000 zip codes in it. They can be edited
> through the webpage interface and the msiexec
> functionality is very good - a zip code lookup is virtually
> instant.
> (Download the MSI editor on the same page to get
> the VBScript MSI class.)
>
> > This data would be eventually displayed to the user in the HTA. My
> > knee-jerk reaction is to store this data in a more secure format (ie
> > binary), thus negating the need to write out a text file.
> >
> > All of this has come about because of the need to supply spreadsheet
> > functionality and move away from Excel which currently provides this in
> > the HTA.
> >
> > Thanks again.
> >
> >
> > mayayana wrote:
> > > The FileSystemObject is not "safe for scripting",
> > > because it does have the ability to write files.
> > > It won't run in most browsers online. You'd need
> > > to be using Internet Explorer in a zone where you've
> > > selected to "initialize and run ActiveX controls not
> > > marked as safe". On Windows XP SP2 it won't
> > > even work locally without changing your IE settings.
> > >
> > > It will work in an HTA. HTA was invented to make
> > > webpage applications more usable, at a time before
> > > people were worried about security. (Microsoft
> > > has still done nothing to make it safe, and there have been
> > > some HTA viruses, so some people have it disabled.)
> > > HTA is little more than the removal of all security from
> > > a webpage. The *only* limitation is that it must run locally.
> > >
> > > So, in other words, if you're making a webpage program
> > > to distribute on a local network or among friends, HTA is a
> > > good way to do it and the FileSystemObject can be used in
> > > that. You won't have to worry about
> > > security limitations. But you can't just put an HTA
> > > program page online. It won't work unless people
> > > deliberately download the file before running it.
> > >
> > > > I was under the impression that creating a text file from script was
> > > > "prohibited," yet the following code [embedded in a web page] allows
> me
> > > > to do so. The code was taken from the following page:
> > > >
> > > >
> > >
>
http://www.microsoft.com/technet/scriptcenter/scripts/misc/web/mswbvb43.mspx
> > > ?mfr=true
> > > >
> > > > Sub RunScript
> > > > Set objFSO = CreateObject("Scripting.FileSystemObject")
> > > > objFSO.CreateTextFile("test.htm")
> > > > Set objFile = objFSO.OpenTextFile("test.htm", 2)
> > > > objFile.WriteLine DataArea.InnerHTML
> > > > objFile.Close
> > > > End Sub
> > > >
> > > > Is the above code breaking any rules of any kind in application
> > > > development? I would like to employ something like this in my hta if
> > > > it's not deemed inappropriate application development.
> > > >
> > > > Thanks for sharing your thoughts on this.
> > > >
> >