From: Goran on
On May 10, 2:13 pm, "vvf" <v...(a)vvf.com> wrote:
> "Goran" <goran.pu...(a)gmail.com> wrote in message
>
> news:22ebf116-55a4-4338-b0fc-55a347144285(a)a34g2000yqn.googlegroups.com...
> On May 10, 10:36 am, "vvf" <v...(a)vvf.com> wrote:
>
> > Hi All,
>
> > ==Problem statement==
>
> > I have a MFC application that hosts a CDHtmlDialog window responsable with
> > navigating through a series of HTML files stored on the local disk drive.
> > The HTML files refer to some PNG images as well. I would like to ensure
> > access to these HTML files and their associated PNG files ONLY through my
> > application. In other words, I don't want the user to be able to use the
> > local browser to open them and/or copy them somewhere else.
> > This obviously begs the question: why?
>
> The application is not free. A lot of the "value" that the application
> provides is in the HTML files (by means of their content).

First, did your users pay for your app, one way or another? If so, the
"value" is theirs.

Second, do you e.g. have an EULA, where you say "this program contains
copyrighted digital content; any use out of what's described by this
EULA is considered copyright violation?" Perhaps you should try this
first. Perhaps you should say to people outright "I don't want you to
use these images you bought and have on your computer", see how that
pans out first. You see where I am going with this? I think that
you're going overboard. And I also want to add: "application is not
free" does not mean "I get to tell you what you can do with it" (it
looks to me that you are in these waters).


> Therefore, I don't want the users to be able to just copy the HTML files,
> e-mail them or whatever they would do to "share" them.
>
> > Why do you think that your users should put up with such a program?
>
> My only requirement is for people to just execute the "main .exe" file of
> the program. This not only provides "context" for the HTML files,
> but is the only "supported" scenario for this application to run. I don't
> see why this would be such a huge problem as to wonder why a user
> should "put up" with something like this.

Yes, I went overboard there, sorry about that.

>
> > If your "base" url is "res://MyApp.exe/myfile.html", then e.g. <img
> > src="myimage.png...> should do it. BTW, using numeric identifiers is a
> > PITA in this situation, don't toorture yourself.
>
> Thanks for your suggestion. For some reason, I thought I tried that but it
> didn't work. I will try it again and come back with some results.

Hmmm... In your resources, you can have something like:

Pic.gif HTML "res\Pic.gif"
Pic.png HTML "res\Pic.png"

In your *.html, you can have something like:
....
<img src="pic.gif" />
<img src="pic.png" />
....

I just tried that, it works. (IE8 on 64-bit Vista, but my exe was 32-
bit one).

> > Attempt 2. Encrypt/archive the HTML files and images. When the application
> > runs, it decrypts/decompresses the HTML and images and when the user exits
> > the application, it re-encrypts/re-compresses the files.
> > This is completely different from your first idea. With your first
> > idea, there's no "protection" at all. Your user can still open the
> > *.exe from a resource editor and see all your stuff. You seriously
> > mixed apples and oranges.
>
> OK. I should have been a little bit more clear:
>
> > That said, question is: who are you protecting yourself from?
>
> I just don't want the HTML files to be copied somewhere else or be sent to
> somebody else.

Your first idea was to put them in resources. That's easily taken out
of the *.exe. Note also that you users can right-click on the image
viewed in your dialog's HTML and say "save picture as". What then? If
you try to outsmart them with scripting, they can turn scripting off,
and you can't control that.

Please listen to Joe and me (and I am sure other people here will tell
you roughly the same) and don't put effort in this. In my opinion,
this is silly. Spent your time working on functionality, not on user
control.

Goran.
From: vvf on
Hi Goran,


> Hmmm... In your resources, you can have something like:

> Pic.gif HTML "res\Pic.gif"
> Pic.png HTML "res\Pic.png"

> In your *.html, you can have something like:
> ...
> <img src="pic.gif" />
> <img src="pic.png" />
> ...

> I just tried that, it works. (IE8 on 64-bit Vista, but my exe was 32-
> bit one).

You are right. That works. However, what I can't get to work is to actually
link to a HTML file.

For example, if I do:

test.html HTML "myTest.html",

and then I do

<A HREF="test.html">Test</A>

it doesn't work. It only works if I use the resource ID (i.e., #id_number).

> Your first idea was to put them in resources. That's easily taken out
> of the *.exe.

Not if I compress the .exe with an in-place decompressor when the file runs.
See for example upx.

> Note also that you users can right-click on the image
> viewed in your dialog's HTML and say "save picture as". What then?

They can't. I added a transparent layer on top of the picture. :)

> If you try to outsmart them with scripting, they can turn scripting off,
> and you can't control that.

Right, I understand that I shouldn't "fight" the user like that. It is just
asking for trouble. Thanks for all your suggestions.

> Please listen to Joe and me (and I am sure other people here will tell
> you roughly the same) and don't put effort in this. In my opinion,
> this is silly. Spent your time working on functionality, not on user
> control.

I will. Thanks a lot for everything!

vvf




__________ Information from ESET Smart Security, version of virus signature database 5103 (20100510) __________

The message was checked by ESET Smart Security.

http://www.eset.com




From: vvf on
Hi Joe,

Thanks for your message.

> ****
> What does any of this have to do with the concept of a RAM disk? Nothing
> whatsoever, as
> far as I can tell.
> ****

Well, I naively thought that I could just start with all the files
compressed and then uncompress them to a "RAM disk" that would only be
visible to my application but I thought about it more and that just doesn't
make any sense...

vvf



__________ Information from ESET Smart Security, version of virus signature database 5103 (20100510) __________

The message was checked by ESET Smart Security.

http://www.eset.com




From: vvf on

> You are right. That works. However, what I can't get to work is to
> actually
> link to a HTML file.
>
> For example, if I do:
>
> test.html HTML "myTest.html",
>
> and then I do
>
> <A HREF="test.html">Test</A>
>
> it doesn't work. It only works if I use the resource ID (i.e.,
> #id_number).
>

Well, it seems that it doesn't work if I have a file of the form x.y.htm; In
other words, it only works as x.htm (i.e., one period, not more than one.)

vvf



__________ Information from ESET Smart Security, version of virus signature database 5103 (20100510) __________

The message was checked by ESET Smart Security.

http://www.eset.com




From: Goran on
On May 11, 10:45 am, "vvf" <v...(a)vvf.com> wrote:
> Hi Goran,
>
> > Hmmm... In your resources, you can have something like:
> > Pic.gif                 HTML                    "res\Pic.gif"
> > Pic.png                 HTML                    "res\Pic.png"
> > In your *.html, you can have something like:
> > ...
> >  <img src="pic.gif" />
> >  <img src="pic.png" />
> > ...
> > I just tried that, it works. (IE8 on 64-bit Vista, but my exe was 32-
> > bit one).
>
> You are right. That works. However, what I can't get to work is to actually
> link to a HTML file.
>
> For example, if I do:
>
> test.html HTML "myTest.html",
>
> and then I do
>
> <A HREF="test.html">Test</A>
>
> it doesn't work. It only works if I use the resource ID (i.e., #id_number).

this worked for me:
*.rc
otherPage.htm HTML "otherPage.htm"
*.htm
<a href="otherPage.htm">link text</a>

Of course, this only displays HTML within the confines of the dialog,
which might not be what you're expecting.

>
> > Your first idea was to put them in resources. That's easily taken out
> > of the *.exe.
>
> Not if I compress the .exe with an in-place decompressor when the file runs.
> See for example upx.

Your users can do same thing (decompress what's inside).

>
> > Note also that you users can right-click on the image
> > viewed in your dialog's HTML and say "save picture as". What then?
>
> They can't. I added a transparent layer on top of the picture. :)

They can edit resources inside the *.exe (e.g. first, "View Source",
then go and change the *.html) so that said transparent layer does not
cover it.

BTW, if you really only want to "keep honest people honest", perhaps
putting your stuff in a bit more obscure location (e.g.
CSIDL_COMMON_APPDATA\your_company\your_program\put_it_here) could do
the trick. But normally, you should be able to get away with "all html
in resources" approach. I don't understand why you are having problems
with img and a, it's rather straightforward, I just tried on a test
project. (I too, just like Joe, think that CDhtmlDialog is a dumb
idea).

Goran.
First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: SetGet control input
Next: Copy constructor