473,597 Members | 2,820 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Unspecified Potential Security Flaw

Dear Sirs,

Sorry, have reposted from another section as have not received any
responses...

I am using createDocumentF romUrl to obtain data from the web, which is
called several times (>100) for the application I am attempting.

I receive the following IE message when making this call:

This page has an unspecified potential security flaw. Would you like to
continue.

Is there any way to prgramatically surpress this message?

Note that when using the same url in IE directly (rather than from VB), I do
not get any error / warning messages.

Thanks

JC

PS further to previous posts the MSDN KB alludes to a similar issue for this
(implying cookie handling being the issue), refer:

http://support.microsoft.com/default...b;en-us;323034

It does not exactly help me but maybe someone who knows more about this than
me can discern a work around from this.
Nov 21 '05 #1
4 2627
Why dont you connect to the server and retrieve the document directly, I
mean without using IE?

best regards,
Alejandro Lapeyre

"Jack Clift" <Ja*******@disc ussions.microso ft.com> escribió en el mensaje
news:C1******** *************** ***********@mic rosoft.com...
Dear Sirs,

Sorry, have reposted from another section as have not received any
responses...

I am using createDocumentF romUrl to obtain data from the web, which is
called several times (>100) for the application I am attempting.

I receive the following IE message when making this call:

This page has an unspecified potential security flaw. Would you like to
continue.

Is there any way to prgramatically surpress this message?

Note that when using the same url in IE directly (rather than from VB), I do
not get any error / warning messages.

Thanks

JC

PS further to previous posts the MSDN KB alludes to a similar issue for this
(implying cookie handling being the issue), refer:

http://support.microsoft.com/default...b;en-us;323034

It does not exactly help me but maybe someone who knows more about this than
me can discern a work around from this.
Nov 21 '05 #2
Jack,

First that I answer in this is forever,
Ineternet Explorer gets a Page not a document.
A page can exist from more documents.

The mshtml.createDo cumentFromUrl, gets a document.

So to get a good answer I think that you have to show us at least the page
where you are talking about.

I hope this helps?

Cor
Nov 21 '05 #3
Here is the code:

a potential url would be:
"http://tradingroom.com .au/apps/qt/quote.ac?sectio n=quotedetail&s y=tpl&type=dela yedquote&code=B HP"
Function TradingRoomGetQ uoteData(ByVal sWS As String) As Boolean
Dim oMSHTML As MSHTML.HTMLDocu ment
Dim oHTMLDoc As MSHTML.HTMLDocu ment
Dim oDataTable As MSHTML.HTMLTabl e
Dim oWebTables As Object

Dim oWB As Workbook
Dim oWSCompanyList As Worksheet

Dim sQuoteQuery As String
Dim sTableData As String
Dim sASXCodes As String
Dim sURL As String

Dim iLastCompanyRow As Integer
Dim iCompanyRow As Integer
Dim iTableRow As Integer
Dim iTableCell As Integer

Dim bFoundLast As Boolean, bFoundYield As Boolean, bFoundCap As Boolean

Set oMSHTML = New MSHTML.HTMLDocu ment

Set oWB = ActiveWorkbook
Set oWSCompanyList = oWB.Worksheets( sWS)

sURL =
"http://tradingroom.com .au/apps/qt/quote.ac?sectio n=quotedetail&s y=tpl&type=dela yedquote&code="

iLastCompanyRow = oWSCompanyList. Cells.SpecialCe lls(xlLastCell) .Row - 1

iCompanyRow = ASXLIST_OFFSET

Do While iCompanyRow <= iLastCompanyRow

sASXCodes = oWSCompanyList. Cells(iCompanyR ow, 2).Value
'sQuoteQuery = sURL & "BHP"
sQuoteQuery = sURL & sASXCodes
Set oHTMLDoc = oMSHTML.createD ocumentFromUrl( sQuoteQuery,
vbNullString)

While oHTMLDoc.readyS tate <> "complete"
DoEvents
Wend

With oHTMLDoc.docume ntElement
Set oWebTables = .all.tags("tabl e")
Debug.Print sASXCodes
bFoundLast = False
bFoundYield = False
bFoundCap = False
For Each oDataTable In oWebTables
For iTableCell = 0 To oDataTable.Cell s.Length - 1
sTableData = Trim(oDataTable .Cells(iTableCe ll).innerText)
'Debug.Print iTableCell; sTableData
Select Case sTableData
Case "Closing Price"
Debug.Print
oDataTable.Cell s(iTableCell).i nnerText; ":"; oDataTable.Cell s(iTableCell +
6).innerText
bFoundLast = True
Exit For
Case "Div Yield"
Debug.Print
oDataTable.Cell s(iTableCell).i nnerText; ":"; oDataTable.Cell s(iTableCell +
5).innerText
bFoundYield = True
Exit For
Case "Market Capitalisation"
Debug.Print
oDataTable.Cell s(iTableCell).i nnerText; ":"; oDataTable.Cell s(iTableCell +
1).innerText
bFoundCap = True
Exit For
End Select
Next
If bFoundLast And bFoundYield And bFoundCap Then Exit For
Next

End With
iCompanyRow = iCompanyRow + 1
Loop

End Function

"Cor Ligthert" wrote:
Jack,

First that I answer in this is forever,
Ineternet Explorer gets a Page not a document.
A page can exist from more documents.

The mshtml.createDo cumentFromUrl, gets a document.

So to get a good answer I think that you have to show us at least the page
where you are talking about.

I hope this helps?

Cor

Nov 21 '05 #4
Jack,

I don't think I can help you with this kind of information.

On the other hand a page as this is can be changed very easy, so know what
you are doing.

I would never make any solution behind such a page.

Just my thought,

Cor
Nov 21 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

28
2778
by: grahamd | last post by:
Who are the appropriate people to report security problems to in respect of a module included with the Python distribution? I don't feel it appropriate to be reporting it on general mailing lists.
2
1838
by: Sudar | last post by:
Web sites you visit can retrieve data from your clipboard depending on your security settings. Go to this page (www.clipboard.googlemyway.com) and see if anything shows up in the box. If you are using Firefox or Opera you probably won't see anything. However, if you are using Internet Explorer then chances are that whatever you last copied into your clipboard will be displayed.
24
1664
by: Bob Alston | last post by:
Could develop web pages that would interact with the access/jet database - like DAP but without the security flaw??? One of Access' competitors (Filemaker Pro as I recall) touts its EASY way to build web forms using its product. Sounds like they are trying to beat Access in a new venue - the web. Bob Alston bobalston9 AT yahoo DOT com
1
1113
by: Diego F. | last post by:
I'm really stuck with this. I have to export a pdf file and I'm using a dll (gios if someone knows it). If I run this in a local project it's ok but when moving it to a server, I get a Security.Exception: - If I try to send via http: "that assembly does not allow partially trusted callers" - If I try to save to disk: "request for the permission type 'System.Security.Permissions.FileIOPermission'
11
1042
by: Kevin Steffer [MCP] | last post by:
HI NG I have made a very nasty discovery on my dll files build from my ASP.NET projects in VS.NET 2003. In some of my codebehind files i have a private string that is my SQL Server connection string for example: public class myClass {
14
3488
by: WebMatrix | last post by:
Hello, I have developed a web application that connects to 2 different database servers. The connection strings with db username + password are stored in web.config file. After a code review, one developer suggested that it's a security flaw; therefore connection strings should be kept somewhere else or encrypted. My argument is that web.config file is protected by IIS and Windows security which is the case. And another argument is that...
8
1922
by: Matt Kruse | last post by:
http://news.zdnet.com/2100-1009_22-6121608.html Hackers claim zero-day flaw in Firefox 09 / 30 / 06 | By Joris Evers SAN DIEGO--The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi...
3
1288
by: Annonymous Coward | last post by:
I recently downloaded and install SQLServer Express. I am considering using it as the backend db for my app (i.e. moving from the current PostgreSQL). I run sqlcmd without specifying any username or pwd, and I was suprised that I had access to the 'server', and could create and drop databses (admittedly I dropped only the dbs I created). This appears to be a *HUGE* security flaw - unless (I hope), I have missed something. Also, does...
1
2062
by: Guy Macon | last post by:
Serious Security Flaw in Google Chrome: http://www.readwriteweb.com/archives/security_flaw_in_google_chrome.php -- Guy Macon <http://www.GuyMacon.com/>
0
8281
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
8381
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
0
8262
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
5847
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
3893
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
0
3937
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
2409
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
1
1497
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
1245
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.