Hi,
HTA's are a very good model for client UI, the security is not an issue
- it's "automatic". They allow you to create W3C compliant end-user apps
with zero deployment.
The big downside is that there's zero revenue for Microsoft from their
use, so obviously Microosft is not going to be pushing their use.
It's important the original poster understands the difference between
ASP.NET and HTAs, in that ASP is for client/server apps and HTAs are for
local apps. e.g. you would not use HTAs for a world-wide-web site
providing a nation-wide telephone directory. Conversely, you would not
use ASP.NET to provide a mobile sales rep with a CD-RW backup facility
for their laptop - you give them an HTA.
Smart-clients are a joke in all but 1 in 1000 real-world scenarios. A
simple example is the services I currently run can be used from hotel
rooms, internet cafe's and broken down home-user Win95 computers, Linux
boxes, Mac boxes, internet TVs and handhelds. See how well your lame-ass
"smart-client" app works on these systems??
The future is the W3C.
The way I write apps, is to write them once and never deploy them.
People simply type in "www.mydomain.com/myapp" and of they go. They get
superior client-side interaction from W3C compliant DOM and it's way
ahead of anything you can do in .NET with WinForms/Avalon (or whatever).
Bryan Lynn wrote:
Good info Clinton -- thanks!
By their nature, HTAs are not secure. HTAs essentially run like IE w/
out any of IE's security constraints -- that's the whole point of them.
Because they bypass IE's security model, this allows you to use HTML
and script (vb script, jscript, etc) to build rich "web" apps that can
interact with the user's file system, registry, etc (just like real
applications do).
So from a security standpoint, HTAs are like EXEs. HTAs are trusted
applications that should only be run from trusted sources -- and b/c of
this "trust", they have full permissions much like an EXE.
--
Gerry Hickman (London UK)