HTA files WAS Re: [thelist] Automate zip?
Diane Soini
dianesoini at earthlink.net
Fri May 28 10:16:51 CDT 2004
I think the horror is how easy they are to create, that they can
execute commands on the file system. Sure, you can have security
setttings on high, but what if you don't? Or what if you are in the
trusted zone but a total computer programming novice and a terrible
programming accident occurs. Or what if there is some misfit at the
company with a grudge.
Likely other platforms have similar abilities, but I have not seen
anything so easy to do (and easy to disseminate and execute) as this.
(With one possible exception: I know somone who once accidentally typed
in rm -rf * at the root of his unix system. Oops.)
Nevertheless, it's a very convenient feature and solved my problem
perfectly. I used a file upload field to have the user point to the
directory they want zipped, rather than asking them to type into a
command line the rather lengthy path to the files. And the familiar
html interface helps the non-techie people on staff not be scared
looking at a command line.
> Thankfully, the default security settings on MSIE prevent you opening
> these
> from outside your trusted zone (don't know if my jargon is correct
> here) but
> basically you can't open these from the internet, so perhaps it's not
> quite
> the horror that Diane foresaw.
>
> Just a guess...
>
> David
On Friday, May 28, 2004, at 04:01 AM, thelist-request at lists.evolt.org
wrote:
> Subject: HTA files WAS Re: [thelist] Automate zip?
> Reply-To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
>
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> From: "Diane Soini" <dianesoini at earthlink.net>
> Subject: Re: [thelist] Automate zip?
>
> : Then I wrapped it all up in a .hta file. I had never seen one of
> those
> : before. The horror! No wonder Windows computers are so vulnerable.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Care to elaborate?
>
> Cheers
> Ken
***
Don't be afraid to try something new. An amateur built the ark.
Professionals built the Titanic. -unknown
More information about the thelist
mailing list