View previous topic :: View next topic |
Author |
Message |
cnodnarb Professional Member
Joined: 11 Sep 2002 Posts: 762 Location: Rockeledge, GA
|
Posted: Wed May 18, 2011 1:26 am Post subject: Visual Web Applications One Click Deployment |
|
|
Setup URL
http://dl.dropbox.com/u/28521507/vwasetup.exe
Code: |
Visual Web Application Protocol
by Brandon Cunningham
===============================
End User
===============================
This protocol is meant to act as a safe way to deploy and execute "One Click" controlled code in a restricted mode from the web while browsing.
Normally executable code is unmanaged (XP) / or has only lightly restricted access (Vista, 7) that may damage your operating system installation. By running managed code via the VWA Protocol you are ensuring the program is safe to run and will not damage your hardware or your Operating System installation.
===============================
Developers
===============================
Developers should be aware that code ran in VWA is ran in 'Restricted' (0x10000) mode. This means that most ActiveX and certain API calls may not function as anticipated.
VWA's (Visual Web Applications) are deployed via the zip compressed folder format. In order to have your code execute properly you must have the executable in the root folder of the zip and it must have the same name as the zip file. So if the zip is "myapp.zip" then the executable would be "myapp.exe".
To link to your VWA you simply have to invoke the protocol using common methods <a href="vwa://mydotcom.com/myprog.zip">Launch My Program!</a>.
The protocol has three seperate invoke methods: VWA, VWAS and VWAP. If your file resides at an 'http' address invoke 'vwa', if 'https' invoke 'vwas' and if 'ftp' invoke 'vwap'.
Be certain to include all runtimes in your zip folder or advise the user to install them before your application is ran.
===============================
Advisement
===============================
This application makes a reasonable attempt to cause executable files to be safe to run, and uses an approved method for 32 and 64 bit operating systems to restrict said executable files. DO NOT run any code from a source/publisher you do not trust. It is up to you as the user to make a reasonable attempt to protect yourself. I do not believe installing this application poses a severe risk to your system from unsolicited code execution although it does increase such risk very moderately. Other competitive "One Click Deployment" methods are likely already installed on your system that in some cases allow unrestricted execution.
===============================
Disclaimer
===============================
This software is free to use, but Brandon Cunningham owns it. Reverse engineering prohibited. Web distribution is limited to Brandon Cunningham's publications, which you may freely link to but you may not republish this file to the internet. In the case of private internal deployment (corporate networks, etc) this software may reside on a network for redistribution. This software may be redistributed on removable media. Brandon Cunningham is not responsible for any damage due to other software deployed using this software.
|
Setup URL
http://dl.dropbox.com/u/28521507/vwasetup.exe |
|
Back to top |
|
|
briguy Contributor
Joined: 09 Aug 2007 Posts: 79
|
Posted: Sat May 28, 2011 12:44 pm Post subject: |
|
|
Brandon,
Brilliant Program.. I am having a few issues running this program could be just me or how Im trying to run this.
BTW your install link works for me.
I'm getting this error.
C:\visual Web Application\fetch.vbs
Line 11
char 1
The system cannot locate the resource specified
code 800c0005
source: msxml3.dll
then
C:\visual Web Application\unzip.vbs
line 10
char 1
error object required: objapp.namespace(...)'
code 800a01a8
source microsoft vbscript runtime error
This is how Im running it.
vwa://home-pc/calc.zip
or
vwa://127.0.0.1/calc.zip
I havent tried it outside of my local box maybe this is the issue.
Also if I may suggest an improvement that would be really cool and add another security level to your program.
Have a way to generate an encrypted md5 hash of the zips deployed. another words require all zip archives that are put into the web applicattion directory will have to have an MD5 hash generated from your program "a gui deploy interface" then have that md5 hash encrypted by the user / deployer of the programs.
Have that encryption key "dont beleive it needs to be crazy strong" stored in the registry or somewhere else and check for the proper pw and hash before running.
At this point if someone was trying to inject a program into the web application directory they would need to try to decrypt the hash before trying to pad the rouge program to fit the md5 hash.. honestly not sure if thats easly done or not but I'm sure it could be.
Anyway.. I like your program. very cool idea. |
|
Back to top |
|
|
cnodnarb Professional Member
Joined: 11 Sep 2002 Posts: 762 Location: Rockeledge, GA
|
Posted: Sun May 29, 2011 12:39 am Post subject: |
|
|
Thank you so much for using my software
What web server software are we using so I can address the fetch failure?
I get these exact same errors when I click a link that leads to nothing (invalid VWA URL).
Also of note multiple instancing is not (yet) possible even when the protocol works properly, hangs on copying (unzipping) the following instances.
At first I had a very complicated signing schema via twofish that I would charge a small processing fee to obtain signatures, but this fell through due to VDS weak encryption of executables themselves. What you suggest isn't so bad though, a simple MD5 hash within the zip file to verify it (the executable) wasn't corrupted.
The protocol maybe rehashed into VB6, VB.NET does not meet my encryption strength requirements either, so don't feel bad VDS
Currently I've tested the protocol only on Dropbox URL's, so whatever server they use is fully compatible with fetch.vbs |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You can attach files in this forum You can download files in this forum
|
|