Javascript too secure

Hello, in an intranet we have the requirement to communicate between two
browser windows, e.g. read hidden fields or execute functions in other
window. This works fine as long as both windows come from the same web
server. If the html pages come from different sites then we get a security
violation error. We are using only IE 6.0.

Question: Is it possible to get around this limitation, e.g. somehow
register both sites as trusted or use some kind of signature?

The only idea I have is to use an additional web server that acts as some
kind of proxy. The functions of IIS 5.0 are not sufficient for this
requirement because virtual directories pointing to another server are only
redirected, the browser fetches the content from the real destination. But
we also want to have single login on our trusted IIS sites and this will
probably break if we are using a proxy web server as a kind of gateway.

Regards, Rainer Rosenberger
Jul 20 '05 #1
VK
And it's good that it's so secure! ;-)

I'm not clear why you have different web-servers within the Intranet.
Are you a web-provider?
Not my business really, I'm just wondering if you are having trouble with
different sub-domains, not domains (like www.company.com,
secure.company.com, www2.company.com and so on). In this case you can fix
the situation by setting document.domain="company.com" on each involved
page.

Also you can:
on each involved browser go to Tools>Internet Options>Security, add your
sites to the "Trusted sites" list and apply no security protection on
them.

Work with System.Security.Permissions:
http://msdn.microsoft.com/library/de.../en-us/cpref/html/frlrfsystemsecuritypermissionssecurityattributeclasstopic.asp

Jul 20 '05 #2
Hello,

thanks for your suggestions. We have two different subdomains
server_x.mydom.de (x=1,2) because there are existing applications sitting on
these servers (with different operating systems NT respectively AIX) and we
want to integrate the existing web application of server_2 into a new
application on server_1. So it seems to be worth testing
document.domain="mydom.de". The problem might be (to be tested) that the
URL used by users simply is http://server_x and not http://server_x.mydom.de

I already tried to set the trusted domains in IE, but this did not work.
I'll keep you informed.

Regards, Rainer Rosenberger

"VK" <sc**********@yahoo.com> wrote in message
news:3f***********************@news.freenet.de...
> And it's good that it's so secure! ;-)
>
> I'm not clear why you have different web-servers within the Intranet.
> Are you a web-provider?
> Not my business really, I'm just wondering if you are having trouble with
> different sub-domains, not domains (like www.company.com,
> secure.company.com, www2.company.com and so on). In this case you can fix
> the situation by setting document.domain="company.com" on each involved
> page.
>
> Also you can:
> on each involved browser go to Tools>Internet Options>Security, add your
> sites to the "Trusted sites" list and apply no security protection on
> them.
>
> Work with System.Security.Permissions:
> http://msdn.microsoft.com/library/de.../en-us/cpref/html/frlrfsystemsecuritypermissionssecurityattributeclasstopic.asp

Jul 20 '05 #3
Hi VK, in the meanwhile I tested your suggestion and copied one file to
subdomain s1.mydom.de and the other to s2.mydom.de and still got the access
violation error. I also tried to access the newly opened window through
an ActiveX control (hoping it acts like a trusted proxy), without success.

Regards, Rainer Rosenberger

"VK" <sc**********@yahoo.com> wrote in message
news:3f***********************@news.freenet.de...
> And it's good that it's so secure! ;-)
>
> I'm not clear why you have different web-servers within the Intranet.
> Are you a web-provider?
> Not my business really, I'm just wondering if you are having trouble with
> different sub-domains, not domains (like www.company.com,
> secure.company.com, www2.company.com and so on). In this case you can fix
> the situation by setting document.domain="company.com" on each involved
> page.
>
> Also you can:
> on each involved browser go to Tools>Internet Options>Security, add your
> sites to the "Trusted sites" list and apply no security protection on
> them.
>
> Work with System.Security.Permissions:
> http://msdn.microsoft.com/library/de.../en-us/cpref/html/frlrfsystemsecuritypermissionssecurityattributeclasstopic.asp

Jul 20 '05 #4
VK wrote:
> And it's good that it's so secure! ;-)

Not from my point of view... :-)

> In this case you can fix
> the situation by setting document.domain="company.com" on each involved
> page.


I have a similar problem; I have a frameset containing two frames:
a left frame from "charon.it.bton.ac.uk" and a right frame from
"hermes.it.bton.ac.uk". The left frame contains some JS which
communicates with an applet. The right frame contains several forms,
each with a button that has "onclick=javascript:parent.left.process()"
to process the form data. (For various reasons I can't put the right
frame on charon.it.bton.ac.uk.) I used to get moans about the two
frames coming from different places, so I put a line at the start
of the right frame saying "document.domain=charon.it.bton.ac.uk".

What I now get is "Error: uncaught exception: permission denied to
get property Window.process".

Can anyone tell me how to get around this one? Please???

TIA,

-----------------------------------------------------------------
John English | mailto:je@brighton.ac.uk
Senior Lecturer | http://www.it.bton.ac.uk/staff/je
Dept. of Computing | ** NON-PROFIT CD FOR CS STUDENTS **
University of Brighton | -- see http://burks.bton.ac.uk
-----------------------------------------------------------------

Jul 20 '05 #5
Hello John,

a frame is the same as another window, so the behaviour is as expected. I
checked also various other newsgroups and tried discussions, without success
yet. I also tried to put an ActiveX control in between the two windows as a
kind of proxy server. There I found that the related VB Window Object
pointing to the browser window does not contain any function collection (I
only have access to textboxes and other objects defined in the explorer
object model). My impression is that even calling functions in another
window after oWin=window.open() is working but not documented, or did you
find an official MS document?

Regards, Rainer Rosenberger

"John English" <je@brighton.ac.uk> wrote in message
news:bo**********@saturn.bton.ac.uk...
> VK wrote:
> > And it's good that it's so secure! ;-)
>
> Not from my point of view... :-)
>
> > In this case you can fix
> > the situation by setting document.domain="company.com" on each involved
> > page.
>
> I have a similar problem; I have a frameset containing two frames:
> a left frame from "charon.it.bton.ac.uk" and a right frame from
> "hermes.it.bton.ac.uk". The left frame contains some JS which
> communicates with an applet. The right frame contains several forms,
> each with a button that has "onclick=javascript:parent.left.process()"
> to process the form data. (For various reasons I can't put the right
> frame on charon.it.bton.ac.uk.) I used to get moans about the two
> frames coming from different places, so I put a line at the start
> of the right frame saying "document.domain=charon.it.bton.ac.uk".
>
> What I now get is "Error: uncaught exception: permission denied to
> get property Window.process".
>
> Can anyone tell me how to get around this one? Please???
>
> TIA,
>
> -----------------------------------------------------------------
> John English | mailto:je@brighton.ac.uk
> Senior Lecturer | http://www.it.bton.ac.uk/staff/je
> Dept. of Computing | ** NON-PROFIT CD FOR CS STUDENTS **
> University of Brighton | -- see http://burks.bton.ac.uk
> -----------------------------------------------------------------

Jul 20 '05 #6
> I have a similar problem; I have a frameset containing two frames:
> a left frame from "charon.it.bton.ac.uk" and a right frame from
> "hermes.it.bton.ac.uk". The left frame contains some JS which
> communicates with an applet. The right frame contains several forms,
> each with a button that has "onclick=javascript:parent.left.process()"
> to process the form data. (For various reasons I can't put the right
> frame on charon.it.bton.ac.uk.) I used to get moans about the two
> frames coming from different places, so I put a line at the start
> of the right frame saying "document.domain=charon.it.bton.ac.uk".


My instant reaction on seeing that, never having used document.domain,
was that it couldn't possibly be allowed as it would break the
security mechanism. A quick check and as I suspected all you can do
is generalise the existing domain name. So for hermes.it.bton.ac.uk
you can set document.domain to "it.bton.ac.uk", "bton.ac.uk", "ac.uk"
or "uk". It sounds like setting them both to "it.bton.ac.uk" is what
you really need to do.
I have also seen a suggestion that you should have it in the frameset
document too.

Jul 20 '05 #7
Graham J wrote:
> My instant reaction on seeing that, never having used document.domain,
> was that it couldn't possibly be allowed as it would break the
> security mechanism. A quick check and as I suspected all you can do
> is generalise the existing domain name. So for hermes.it.bton.ac.uk
> you can set document.domain to "it.bton.ac.uk", "bton.ac.uk", "ac.uk"
> or "uk". It sounds like setting them both to "it.bton.ac.uk" is what
> you really need to do.

You're quite right; I was having funnies due to caching when I tried
that.

> I have also seen a suggestion that you should have it in the frameset
> document too.


It works quite happily as far as the JavaScript is concerned, but now
the JS can't talk to the Java applet because they now purport to come
from different places. I can't find anything about changing the domain
for an applet, so I'm just as stuck as before...

-----------------------------------------------------------------
John English | mailto:je@brighton.ac.uk
Senior Lecturer | http://www.it.bton.ac.uk/staff/je
Dept. of Computing | ** NON-PROFIT CD FOR CS STUDENTS **
University of Brighton | -- see http://burks.bton.ac.uk
-----------------------------------------------------------------

Jul 20 '05 #8
Hello John,

I was able to solve my problem because I run in two different windows (maybe
with some modifications the same can be done for two frames). First of all,
everything in a browser window opened from a local application (HTA, VB or
DLL) can be accessed. A local application has full rights, regardless of
where the page has been requested from. The tricky thing is to find the scripts
' Start Internet Explorer through COM automation (ProgID is InternetExplorer.Application)
Set oIE = CreateObject("InternetExplorer.Application")
oIE.Visible = True
oIE.Navigate sURL ' Now wait until oIE.Busy = False
' Call a script function defined in the loaded page
Call oIE.Document.parentWindow.MyJavaScriptFunction(par1, ...)

I will write a DLL which mainly executes the code above but provides the
function calls as public classes. So I will have class methods like
Navigate(sURL) or CallFunction(para1, ...). In Browserwindow1 I will not
control Browserwindow2 directly but open my class and let the class do the
job. The class should be trusted (registry entry), otherwise there might be
a query whether the ActiveX should be activated.

Regards, Rainer Rosenberger
Jul 20 '05 #9
John English wrote:
> I have a similar problem; I have a frameset containing two frames:
> a left frame from "charon.it.bton.ac.uk" and a right frame from
> "hermes.it.bton.ac.uk". The left frame contains some JS which
> communicates with an applet. The right frame contains several forms,
> each with a button that has "onclick=javascript:parent.left.process()"
> to process the form data. (For various reasons I can't put the right
> frame on charon.it.bton.ac.uk.) I used to get moans about the two
> frames coming from different places, so I put a line at the start
> of the right frame saying "document.domain=charon.it.bton.ac.uk".
>
> What I now get is "Error: uncaught exception: permission denied to
> get property Window.process".

In fact (following a few cache flushes so that I was loading the correct
version of all the pages involved) I get errors if I try to set the
domain to charon.it.bton.ac.uk -- setting it to it.bton.ac.uk is fine,
but I then get this:
sun.plugin.liveconnect.OriginNotAllowedException: JavaScript is not
from the same origin as the Java code, caller=http://it.bton.ac.uk,
callee=http://charon.it.bton.ac.uk
So, I can't claim that all the pages are from charon.it.bton.ac.uk,
but I can claim that the JS is from it.bton.ac.uk -- however the
applet is still from charon.it.bton.ac.uk.

Sigh. This used to work just fine with Netscape 4.7... :-(

> Can anyone tell me how to get around this one? Please???
>
> TIA,


-----------------------------------------------------------------
John English | mailto:je@brighton.ac.uk
Senior Lecturer | http://www.it.bton.ac.uk/staff/je
Dept. of Computing | ** NON-PROFIT CD FOR CS STUDENTS **
University of Brighton | -- see http://burks.bton.ac.uk
-----------------------------------------------------------------

Jul 20 '05 #10
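
The document.domain behaviour worked out in posts #7 to #10, as an added example that is not part of any post: a small Node.js model of the suffix rule, the need for both frames to opt in, and the applet origin mismatch. The function names and the applet check are assumptions modelled on the error text quoted above; the public-suffix restrictions applied by later browsers are not modelled.

```javascript
// Added example (not from the thread). Function names are hypothetical.
// Models the document.domain rule described above: a page may only
// "generalise" its own hostname to one of its parent suffixes.
function allowedDomains(hostname) {
  const labels = hostname.toLowerCase().split('.');
  return labels.map((_, i) => labels.slice(i).join('.'));
}

// Simulates loading a page and, optionally, assigning document.domain.
function makeFrame(url, requestedDomain) {
  const u = new URL(url);
  const frame = { protocol: u.protocol, host: u.hostname, port: u.port,
                  relaxed: null, error: null };
  if (requestedDomain !== undefined) {
    const value = requestedDomain.toLowerCase();
    if (allowedDomains(frame.host).includes(value)) frame.relaxed = value;
    else frame.error = `${frame.host} may not set document.domain="${value}"`;
  }
  return frame;
}

// Script access between two frames (same origin-domain check):
// both relaxed -> compare relaxed values (port ignored);
// neither relaxed -> compare full origin; mixed -> denied.
function canScript(a, b) {
  if (a.protocol !== b.protocol) return false;
  if (a.relaxed !== null && b.relaxed !== null) return a.relaxed === b.relaxed;
  if (a.relaxed === null && b.relaxed === null) {
    return a.host === b.host && a.port === b.port;
  }
  return false;
}

// Assumption drawn from the OriginNotAllowedException text in the thread:
// the applet check compares the page's effective domain (relaxed value if
// set) with the host the applet was loaded from, with no suffix matching.
function appletCallAllowed(frame, appletHost) {
  const caller = frame.relaxed !== null ? frame.relaxed : frame.host;
  return caller === appletHost.toLowerCase();
}

// Constructed sample pages using the hostnames from the thread.
function demo() {
  const left = 'http://charon.it.bton.ac.uk/left.html';
  const right = 'http://hermes.it.bton.ac.uk/right.html';
  return {
    wrongValue: makeFrame(right, 'charon.it.bton.ac.uk').error,
    oneSided: canScript(makeFrame(left), makeFrame(right, 'it.bton.ac.uk')),
    bothRelaxed: canScript(makeFrame(left, 'it.bton.ac.uk'),
                           makeFrame(right, 'it.bton.ac.uk')),
    appletBefore: appletCallAllowed(makeFrame(left), 'charon.it.bton.ac.uk'),
    appletAfter: appletCallAllowed(makeFrame(left, 'it.bton.ac.uk'),
                                   'charon.it.bton.ac.uk'),
    shortName: makeFrame('http://server_1/app', 'mydom.de').error,
  };
}

console.log(demo());
```

The `shortName` case corresponds to the concern raised in post #3: a page reached as http://server_x has no parent suffix to generalise to.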
VK wrote:
> And it's good that it's so secure! ;-)

But it is an imperfect security.

> I'm not clear why you have different web-servers within the Intranet.

Not different servers are the problem, but different domains are.

PointedEars
Jul 20 '05 #11
Rainer Rosenberger wrote:
> thanks for your suggestions. We have two different subdomains
> server_x.mydom.de (x=1,2) because there are existing applications sitting on
> these servers (with different operating systems NT respectively AIX) and we
> want to integrate the existing web application of server_2 into a new
> application on server_1. So it seems to be worth testing
> document.domain="mydom.de". The problem might be (to be tested) that the
> URL used by users simply is http://server_x and not http://server_x.mydom.de

Use server-side redirection to work around that:

,--------------------------- .htaccess ----------------------------
| # RedirectMatch sees only the URL path, so the Host header is tested with mod_rewrite
| RewriteEngine On
| RewriteCond %{HTTP_HOST} ^server_x$ [NC]
| RewriteRule ^(.*)$ http://server_x.mydom.de/$1 [R=permanent,L]

PointedEars
Jul 20 '05 #12
Rainer Rosenberger wrote:
> Hello John,
>
> I was able to solve my problem because I run in two different windows (maybe
> with some modifications the same can be done for two frames). First of all,
> everything in a browser window opened from a local application (HTA, VB or
> DLL) can be accessed. A local application has full rights, regardless of
> where the page has been requested from. The tricky thing is to find the scripts
> ' Start Internet Explorer through COM automation (ProgID is InternetExplorer.Application)
> Set oIE = CreateObject("InternetExplorer.Application")
> oIE.Visible = True
> oIE.Navigate sURL ' Now wait until oIE.Busy = False
> ' Call a script function defined in the loaded page
> Call oIE.Document.parentWindow.MyJavaScriptFunction(par1, ...)

Alas, this won't work for me -- in my case it needs to work with any
browser, not necessarily running under Windows, and most certainly not
a special-purpose app. We have users on PCs, Macs and Suns running IE,
Netscape and Mozilla; most of the PC users run Windows, but quite a few
run Linux.

I've found a workaround -- an application running on my server that uses
Java class loaders & reflection to do what the applet would have done to
communicate with the other server, and an applet loaded from my server.
The JS can talk to the applet, and the applet uses the application as a
proxy to talk to the other server. This has involved me discovering much
more about the black magic of the reflection API than I ever wanted to
know, and has cost me a couple of days of frantic experimentation due to
the lack of documentation for various aspects of the process, but it
works at last.

However, I'd still be interested in hearing of any general solution to
the problem that doesn't involve writing local server apps to proxy for
remote services...

Cheers,

-----------------------------------------------------------------
John English | mailto:je@brighton.ac.uk
Senior Lecturer | http://www.it.bton.ac.uk/staff/je
Dept. of Computing | ** NON-PROFIT CD FOR CS STUDENTS **
University of Brighton | -- see http://burks.bton.ac.uk
-----------------------------------------------------------------

Jul 20 '05 #13
