launching *.exe application
Galen M. Charlton
autolib at marauder.millersv.edu
Mon Nov 10 12:10:03 EST 1997
On Mon, 10 Nov 1997, Justin R Ervin wrote:
[snip]
>
> We had good luck with W3launch on our Win 3.1 computers running Netscape
> 3.x. However, our Win 95 computers running Netscape 4.x can launch .exe
> and .bat files quite seamlessly and without installing additional
> software. Just make sure that command.com is set up as your "helper app"
> for .exe and .bat files (Netscape 4.x should come that way.) and you're
> good to go!
> =================Justin R Ervin==================
> Computing Support Technician I
> Jackson Library Electronic Information Resources, UNCG
> jrervin at uncg.edu http://www.uncg.edu/~jrervin/
[exiting lurk mode]
I would like to respectfully point out that using command.com as a
'helper' application for .exe and .bat files creates a security hole -
there is nothing to prevent an arbitrary program from being downloaded and
executed. Imagine the consequences of a patron downloading and running
this batch file:

evil.bat:

    C:
    CD \WINDOWS
    ECHO Y | DEL *.*

IMHO, the fact that Netscape 4.x appears to be set up to run programs
downloaded from the web by default is a mistake. However, at least it
will prompt you before executing the program (assuming that this prompting
is not turned off).
One reason we use W3Launch is because it can only be used to launch
programs that are on a pre-specified list of 'approved' applications -
and presumably one is not likely to put evil.bat on that list.
[re-entering lurk mode]
-------------------------------------------------
Galen Charlton autolib at marauder.millersv.edu
Student Library Automation Assistant
Ganser Library, Millersville University of PA
Voice: 717.872.3720 Fax: 717.872.3854
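
The approved-list approach described in the message above, sketched as an added example; it is not part of the original message and is not W3Launch's own code or configuration format. The program names and paths are constructed, and `resolve_launch` and `decide` are hypothetical helpers.

```python
# Added illustration; names and paths below are constructed, not W3Launch's.
APPROVED = {
    "catalog": r"C:\APPS\CATALOG\CATALOG.EXE",
    "cdindex": r"C:\APPS\CDINDEX\CDINDEX.EXE",
}


class LaunchDenied(Exception):
    """Raised when a launch request is not on the approved list."""


def resolve_launch(request: str) -> str:
    """Map a launch request from a web page to a pre-approved local program.

    The request is only ever a lookup key. It is never used as a path,
    a file name or a command line, so downloaded content cannot choose
    what gets executed.
    """
    key = request.strip().lower()
    # Keys are plain ASCII letters/digits: no dots, slashes, spaces or
    # shell metacharacters, which rules out paths and batch file names.
    if not (key.isascii() and key.isalnum()):
        raise LaunchDenied(f"malformed request: {request!r}")
    if key not in APPROVED:
        raise LaunchDenied(f"not on approved list: {request!r}")
    # A real launcher would start exactly this path, with no arguments
    # taken from the page.
    return APPROVED[key]


def decide(requests):
    """Return (request, decision) pairs for a batch of requests."""
    results = []
    for req in requests:
        try:
            results.append((req, "launch " + resolve_launch(req)))
        except LaunchDenied as exc:
            results.append((req, "deny: " + str(exc)))
    return results


if __name__ == "__main__":
    # Constructed requests: two approved names and three that must be refused.
    for req, decision in decide(
        ["catalog", "CDINDEX", "evil.bat", r"C:\TEMP\EVIL.BAT", "catalog & del"]
    ):
        print(f"{req!r:22} -> {decision}")
```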