473,669 Members | 2,409 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Unspecified Potential Security Flaw

Dear Sirs,

Sorry, have reposted from another section as have not received any
responses...

I am using createDocumentF romUrl to obtain data from the web, which is
called several times (>100) for the application I am attempting.

I receive the following IE message when making this call:

This page has an unspecified potential security flaw. Would you like to
continue.

Is there any way to prgramatically surpress this message?

Note that when using the same url in IE directly (rather than from VB), I do
not get any error / warning messages.

Thanks

JC

PS further to previous posts the MSDN KB alludes to a similar issue for this
(implying cookie handling being the issue), refer:

http://support.microsoft.com/default...b;en-us;323034

It does not exactly help me but maybe someone who knows more about this than
me can discern a work around from this.
Nov 21 '05 #1
4 2631
Why dont you connect to the server and retrieve the document directly, I
mean without using IE?

best regards,
Alejandro Lapeyre

"Jack Clift" <Ja*******@disc ussions.microso ft.com> escribió en el mensaje
news:C1******** *************** ***********@mic rosoft.com...
Dear Sirs,

Sorry, have reposted from another section as have not received any
responses...

I am using createDocumentF romUrl to obtain data from the web, which is
called several times (>100) for the application I am attempting.

I receive the following IE message when making this call:

This page has an unspecified potential security flaw. Would you like to
continue.

Is there any way to prgramatically surpress this message?

Note that when using the same url in IE directly (rather than from VB), I do
not get any error / warning messages.

Thanks

JC

PS further to previous posts the MSDN KB alludes to a similar issue for this
(implying cookie handling being the issue), refer:

http://support.microsoft.com/default...b;en-us;323034

It does not exactly help me but maybe someone who knows more about this than
me can discern a work around from this.
Nov 21 '05 #2
Jack,

First that I answer in this is forever,
Ineternet Explorer gets a Page not a document.
A page can exist from more documents.

The mshtml.createDo cumentFromUrl, gets a document.

So to get a good answer I think that you have to show us at least the page
where you are talking about.

I hope this helps?

Cor
Nov 21 '05 #3
Here is the code:

a potential url would be:
"http://tradingroom.com .au/apps/qt/quote.ac?sectio n=quotedetail&s y=tpl&type=dela yedquote&code=B HP"
Function TradingRoomGetQ uoteData(ByVal sWS As String) As Boolean
Dim oMSHTML As MSHTML.HTMLDocu ment
Dim oHTMLDoc As MSHTML.HTMLDocu ment
Dim oDataTable As MSHTML.HTMLTabl e
Dim oWebTables As Object

Dim oWB As Workbook
Dim oWSCompanyList As Worksheet

Dim sQuoteQuery As String
Dim sTableData As String
Dim sASXCodes As String
Dim sURL As String

Dim iLastCompanyRow As Integer
Dim iCompanyRow As Integer
Dim iTableRow As Integer
Dim iTableCell As Integer

Dim bFoundLast As Boolean, bFoundYield As Boolean, bFoundCap As Boolean

Set oMSHTML = New MSHTML.HTMLDocu ment

Set oWB = ActiveWorkbook
Set oWSCompanyList = oWB.Worksheets( sWS)

sURL =
"http://tradingroom.com .au/apps/qt/quote.ac?sectio n=quotedetail&s y=tpl&type=dela yedquote&code="

iLastCompanyRow = oWSCompanyList. Cells.SpecialCe lls(xlLastCell) .Row - 1

iCompanyRow = ASXLIST_OFFSET

Do While iCompanyRow <= iLastCompanyRow

sASXCodes = oWSCompanyList. Cells(iCompanyR ow, 2).Value
'sQuoteQuery = sURL & "BHP"
sQuoteQuery = sURL & sASXCodes
Set oHTMLDoc = oMSHTML.createD ocumentFromUrl( sQuoteQuery,
vbNullString)

While oHTMLDoc.readyS tate <> "complete"
DoEvents
Wend

With oHTMLDoc.docume ntElement
Set oWebTables = .all.tags("tabl e")
Debug.Print sASXCodes
bFoundLast = False
bFoundYield = False
bFoundCap = False
For Each oDataTable In oWebTables
For iTableCell = 0 To oDataTable.Cell s.Length - 1
sTableData = Trim(oDataTable .Cells(iTableCe ll).innerText)
'Debug.Print iTableCell; sTableData
Select Case sTableData
Case "Closing Price"
Debug.Print
oDataTable.Cell s(iTableCell).i nnerText; ":"; oDataTable.Cell s(iTableCell +
6).innerText
bFoundLast = True
Exit For
Case "Div Yield"
Debug.Print
oDataTable.Cell s(iTableCell).i nnerText; ":"; oDataTable.Cell s(iTableCell +
5).innerText
bFoundYield = True
Exit For
Case "Market Capitalisation"
Debug.Print
oDataTable.Cell s(iTableCell).i nnerText; ":"; oDataTable.Cell s(iTableCell +
1).innerText
bFoundCap = True
Exit For
End Select
Next
If bFoundLast And bFoundYield And bFoundCap Then Exit For
Next

End With
iCompanyRow = iCompanyRow + 1
Loop

End Function

"Cor Ligthert" wrote:
Jack,

First that I answer in this is forever,
Ineternet Explorer gets a Page not a document.
A page can exist from more documents.

The mshtml.createDo cumentFromUrl, gets a document.

So to get a good answer I think that you have to show us at least the page
where you are talking about.

I hope this helps?

Cor

Nov 21 '05 #4
Jack,

I don't think I can help you with this kind of information.

On the other hand a page as this is can be changed very easy, so know what
you are doing.

I would never make any solution behind such a page.

Just my thought,

Cor
Nov 21 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
28
2786
Who should security issues be reported to?
by: grahamd | last post by:
Who are the appropriate people to report security problems to in respect of a module included with the Python distribution? I don't feel it appropriate to be reporting it on general mailing lists.
Python
2
1839
Security Flaw: Any website can read your clipboard text
by: Sudar | last post by:
Web sites you visit can retrieve data from your clipboard depending on your security settings. Go to this page (www.clipboard.googlemyway.com) and see if anything shows up in the box. If you are using Firefox or Opera you probably won't see anything. However, if you are using Internet Explorer then chances are that whatever you last copied into your clipboard will be displayed.
Javascript
24
1669
Wouldnit be nice if the new version of Access.....
by: Bob Alston | last post by:
Could develop web pages that would interact with the access/jet database - like DAP but without the security flaw??? One of Access' competitors (Filemaker Pro as I recall) touts its EASY way to build web forms using its product. Sounds like they are trying to beat Access in a new venue - the web. Bob Alston bobalston9 AT yahoo DOT com
Microsoft Access / VBA
1
1113
Two Security Exceptions
by: Diego F. | last post by:
I'm really stuck with this. I have to export a pdf file and I'm using a dll (gios if someone knows it). If I run this in a local project it's ok but when moving it to a server, I get a Security.Exception: - If I try to send via http: "that assembly does not allow partially trusted callers" - If I try to save to disk: "request for the permission type 'System.Security.Permissions.FileIOPermission'
ASP.NET
11
1043
Security Flaw in dll (or am I wrong?)
by: Kevin Steffer [MCP] | last post by:
HI NG I have made a very nasty discovery on my dll files build from my ASP.NET projects in VS.NET 2003. In some of my codebehind files i have a private string that is my SQL Server connection string for example: public class myClass {
ASP.NET
14
3491
Connection String in .config file - Security Concerns
by: WebMatrix | last post by:
Hello, I have developed a web application that connects to 2 different database servers. The connection strings with db username + password are stored in web.config file. After a code review, one developer suggested that it's a security flaw; therefore connection strings should be kept somewhere else or encrypted. My argument is that web.config file is protected by IIS and Windows security which is the case. And another argument is that...
C# / C Sharp
8
1922
Critical javascript security flaw in firefox
by: Matt Kruse | last post by:
http://news.zdnet.com/2100-1009_22-6121608.html Hackers claim zero-day flaw in Firefox 09 / 30 / 06 | By Joris Evers SAN DIEGO--The open-source Firefox Web browser is critically flawed in the way it handles JavaScript, two hackers said Saturday afternoon. An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi...
Javascript
3
1292
Database security (non-existent?)
by: Annonymous Coward | last post by:
I recently downloaded and install SQLServer Express. I am considering using it as the backend db for my app (i.e. moving from the current PostgreSQL). I run sqlcmd without specifying any username or pwd, and I was suprised that I had access to the 'server', and could create and drop databses (admittedly I dropped only the dbs I created). This appears to be a *HUGE* security flaw - unless (I hope), I have missed something. Also, does...
Microsoft SQL Server
1
2064
Serious Security Flaw in Google Chrome
by: Guy Macon | last post by:
Serious Security Flaw in Google Chrome: http://www.readwriteweb.com/archives/security_flaw_in_google_chrome.php -- Guy Macon <http://www.GuyMacon.com/>
HTML / CSS
0
8465
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
8894
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
8803
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
8587
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
7407
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
6210
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
4384
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
2792
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
2029
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us