forum.vdsworld.com Forum Index forum.vdsworld.com
Visit VDSWORLD.com
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Visual Web Applications One Click Deployment

 
Post new topic   Reply to topic    forum.vdsworld.com Forum Index -> Other Product Support/Announcements
View previous topic :: View next topic  
Author Message
cnodnarb
Professional Member
Professional Member


Joined: 11 Sep 2002
Posts: 762
Location: Rockeledge, GA

PostPosted: Wed May 18, 2011 1:26 am    Post subject: Visual Web Applications One Click Deployment Reply with quote

Setup URL
http://dl.dropbox.com/u/28521507/vwasetup.exe

Code:

Visual Web Application Protocol
by Brandon Cunningham
===============================
End User
===============================
   This protocol is meant to act as a safe way to deploy and execute "One Click" controlled code in a restricted mode from the web while browsing.

   Normally executable code is unmanaged (XP) / or has only lightly restricted access (Vista, 7) that may damage your operating system installation. By running managed code via the VWA Protocol you are ensuring the program is safe to run and will not damage your hardware or your Operating System installation.
   
===============================
Developers
===============================
   Developers should be aware that code ran in VWA is ran in 'Restricted' (0x10000) mode. This means that most ActiveX and certain API calls may not function as anticipated.

   VWA's (Visual Web Applications) are deployed via the zip compressed folder format. In order to have your code execute properly you must have the executable in the root folder of the zip and it must have the same name as the zip file. So if the zip is "myapp.zip" then the executable would be "myapp.exe".

   To link to your VWA you simply have to invoke the protocol using common methods <a href="vwa://mydotcom.com/myprog.zip">Launch My Program!</a>.

   The protocol has three seperate invoke methods: VWA, VWAS and VWAP. If your file resides at an 'http' address invoke 'vwa', if 'https' invoke 'vwas' and if 'ftp' invoke 'vwap'.

   Be certain to include all runtimes in your zip folder or advise the user to install them before your application is ran.

===============================
Advisement
===============================
   This application makes a reasonable attempt to cause executable files to be safe to run, and uses an approved method for 32 and 64 bit operating systems to restrict said executable files. DO NOT run any code from a source/publisher you do not trust. It is up to you as the user to make a reasonable attempt to protect yourself. I do not believe installing this application poses a severe risk to your system from unsolicited code execution although it does increase such risk very moderately. Other competitive "One Click Deployment" methods are likely already installed on your system that in some cases allow unrestricted execution.

===============================
Disclaimer
===============================
   This software is free to use, but Brandon Cunningham owns it. Reverse engineering prohibited. Web distribution is limited to Brandon Cunningham's publications, which you may freely link to but you may not republish this file to the internet. In the case of private internal deployment (corporate networks, etc) this software may reside on a network for redistribution. This software may be redistributed on removable media. Brandon Cunningham is not responsible for any damage due to other software deployed using this software.

Setup URL
http://dl.dropbox.com/u/28521507/vwasetup.exe
Back to top
View user's profile Send private message AIM Address
briguy
Contributor
Contributor


Joined: 09 Aug 2007
Posts: 79

PostPosted: Sat May 28, 2011 12:44 pm    Post subject: Reply with quote

Brandon,

Brilliant Program.. I am having a few issues running this program could be just me or how Im trying to run this.

BTW your install link works for me.

I'm getting this error.

C:\visual Web Application\fetch.vbs
Line 11
char 1
The system cannot locate the resource specified
code 800c0005
source: msxml3.dll

then

C:\visual Web Application\unzip.vbs
line 10
char 1
error object required: objapp.namespace(...)'
code 800a01a8
source microsoft vbscript runtime error

This is how Im running it.
vwa://home-pc/calc.zip
or
vwa://127.0.0.1/calc.zip

I havent tried it outside of my local box maybe this is the issue.

Also if I may suggest an improvement that would be really cool and add another security level to your program.

Have a way to generate an encrypted md5 hash of the zips deployed. another words require all zip archives that are put into the web applicattion directory will have to have an MD5 hash generated from your program "a gui deploy interface" then have that md5 hash encrypted by the user / deployer of the programs.

Have that encryption key "dont beleive it needs to be crazy strong" stored in the registry or somewhere else and check for the proper pw and hash before running.

At this point if someone was trying to inject a program into the web application directory they would need to try to decrypt the hash before trying to pad the rouge program to fit the md5 hash.. honestly not sure if thats easly done or not but I'm sure it could be.

Anyway.. I like your program. very cool idea.
Back to top
View user's profile Send private message
cnodnarb
Professional Member
Professional Member


Joined: 11 Sep 2002
Posts: 762
Location: Rockeledge, GA

PostPosted: Sun May 29, 2011 12:39 am    Post subject: Reply with quote

Thank you so much for using my software Razz

What web server software are we using so I can address the fetch failure?

I get these exact same errors when I click a link that leads to nothing (invalid VWA URL).

Also of note multiple instancing is not (yet) possible even when the protocol works properly, hangs on copying (unzipping) the following instances.

At first I had a very complicated signing schema via twofish that I would charge a small processing fee to obtain signatures, but this fell through due to VDS weak encryption of executables themselves. What you suggest isn't so bad though, a simple MD5 hash within the zip file to verify it (the executable) wasn't corrupted.

The protocol maybe rehashed into VB6, VB.NET does not meet my encryption strength requirements either, so don't feel bad VDS Wink

Currently I've tested the protocol only on Dropbox URL's, so whatever server they use is fully compatible with fetch.vbs
Back to top
View user's profile Send private message AIM Address
Display posts from previous:   
Post new topic   Reply to topic    forum.vdsworld.com Forum Index -> Other Product Support/Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Twitter@vdsworld       RSS

Powered by phpBB © 2001, 2005 phpBB Group