Windows Explorer extension: how to handle opening links? - com

I'm working on a specific document management system (DMS) which has, for design sake, a Tortoise-like Explorer extension. The simple part (custom context menu) is done, because there are a lot of resources, describing how to do it. (For instance, http://www.codeproject.com/Articles/830/The-Complete-Idiot-s-Guide-to-Writing-Shell-Extens).
But I have faced a feature request to handle opening .lnk files (in Windows Explorer, of course) and process them (if needed) using the DMS instead of the standard verbs. I'm not sure whether it's possible at all using a COM callback interface (due to security reasons). I would avoid low-level techniques like hooks at all costs. Anyway it's supposed that our users work as admins, have all privileges etc.
Regards,

Related

HCL domino add entries to view externaly

I have a hcl application to whose View I want to add entries from my local pc. I have very little knowledge about HCL in genral and have been looking for a soultion for days now without any success. Maybe Im looking at the wrong places but there was little to find. All I know right now is that I will probably end up sending my local data for the entries via postman and I do have to make an agent?/method that is accessable via browser that can receive these information and make entries with them.
I was just pushed into this thing. I wouldnt mind some usefull links to build my foundation as well.
There are many ways to add documents to a Notes/Domino database.
You are not very specific, it is not even clear if you want to do it programmatically. As Torsten said in his comment to your original post, there are many ways to do that.
Here are a couple:
Using the Notes rich client.
Through a web browser, accessing a web-enabled Domino database. This assumes the creator of the database has exposed the functionality to create documents on the web.
Use COM (or Java) to create the documents from an external scriptable application or using a programming language/platform supporting COM:
https://help.hcltechsw.com/dom_designer/9.0.1/appdev/H_EXAMPLES_ACCESSING_THE_DOMINO_OBJECTS_THROUGH_COM.html
Call a REST service on the Domino server that will create new documents. You can write a REST service using Lotusscript, Java or XPages:
https://www.slideshare.net/TexasSwede/break-out-of-the-box-part-2 (you can skip to slide 19)
Use Domino Access Services (DAS), a framework for adding REST services to Domino. A DAS service is implemented in Java and deployed as an OSGi plug-in:
https://ds-infolib.hcltechsw.com/ldd/ddwiki.nsf/dx/Create_your_own_Domino_REST_service_using_DAS
and
https://www.slideshare.net/JohnDalsgaard/engage-ug-rest-services-2015
Use node.js and the Domino AppDev Pack: https://doc.cwpcollaboration.com/appdevpack/docs/en/homepage.html
and
http://www.c3ug.ca/c3ug-blog/2020/6/30/announcement-learning-the-domino-appdev-pack-a-free-course-from-c3ug
There are probably a few more ways that I am forgetting...
Before you do anything else, you need to learn more about the Domino platform, the structure of a database, and the proper terminology used in Domino. If you don't understand the basics, you will not be able to write any kind of integration with Domino.

Can cgi scripts be downloaded by an attacker?

I have a rather simple question but could not find an answer on the internet so far:
Is there any way an attacker can download a CGI Script (Perl, Python, whatever) from a webpage?
Or in other words: Is it a security risk to have sensible information (e.g. access keys to another service) within a cgi script?
Thanks!
Is there any way an attacker can download a CGI Script (Perl, Python, whatever) from a webpage?
The design of web servers tries to prevent this, but the design of web applications should assume this. - i.e. It's not how it's supposed to work, but it's not at all uncommon. Whether or not it's possible depends on why you're asking the question.
There may be a way for a particular hacker to download a script from your webpage, if he had an attack vector that was worth their time to do so.
This answer to another question (though relating to PHP, principles are the same), explains in a good amount of detail some of the factors that can lead to an exploit.
Is it a security risk to have sensible information (e.g. access keys to another service) within a cgi script?
Yes. While there's always risk, and the acceptability of that risk depends on your application and specific tradeoffs, this particular scenario has two major flaws (if not more):
If anything went wrong with your server, or CGI handler, you could have a public facing text file
It's just so, so easy, just to not put the private key there.
Even if the private key only accessed a VM on a free tier which did nothing but return the weather in your local city, you should at least employ a model where private keys are not accessible by the web server user (i.e. www-data, etc). i.e. You could have your CGI handler simply pass the paramaters/arguments to another local service to parse and invoke the actions required.

Tracking file changes done by an external apps

Is it possible to get a handle on a file which is opened by any external app via my application?
Using Cloud-Storage Apps as an example, I would like to track changes to a file opened via the Storage-Provider App, so the manipulated file can be uploaded again afterwards.
There are two possible answers here, depending on what kind of app you're implementing.
For general tracking purposes, you can try using the ContentsChanged event of the StoreFolderQueryResult/StorageFileQueryResult classes within Windows.Storage.Search. That is, you create a file or folder query for what you want to watch, and then register an event handler. Generally speaking, this works well for stuff on the local file system; it's not guaranteed if you're trying to run a query on files/folders whose backing store is elsewhere.
The subject is too detailed to be described here, but you can refer the "File and Folder Queries" in Chapter 11 of my free ebook Programming Windows Store Apps with HTML, CSS, and JavaScript, Second Edition, page 607. Even though I focus on JS as a language, the discussions of WinRT APIs like this are useful when working in any language...plus the ebook is free so there's nothing to lose.
The other mechanism would be useful if you're implementing an app that provides the interface to a cloud storage backend, like the OneDrive app that's part of Windows. In this case you'd want to use the CachedFileUpdater contract. See Appendix D, page 1288, of my aforementioned book.

How do I talk to my TransportAgent?

So I have my TransportAgent (sort of) working. How do I talk to it to configure it? And I need to allow individual users to make settings for their account (like an anti-virus being given a white-list for a specific user). I need this for Exchange 2007/2010/2013 so I assume EWS is out. I would like to have:
I can write an Outlook AddIn that communicates including the user
identification so I know who to set things for.
A web page that
provides the same (part of the web mail_server/owa web page is
fine).
A means for administrators to set both system config and
individual user settings. Using whatever means for the U.I. that is
standard.
Also, is there a good book out there that covers all of writing TransportAgents, including questions like these?

Mac Post Events to specific background windows

I am trying to create an accessibility app that will type in multiple windows at once, neither of which are owned by my app. For instance, let's say you have two Microsoft word documents open. When you hit a keystroke I want the command to go to both windows.
I have tried using Quartz events services, but it looks like it will only allow you to post to events either on a global or process level. But if two windows are running for the same process, how do I post to a specific window?
There's also the issue of the person typing in one window, while the content is being copied to the next.
Is it possible to post to a single window?
PS I know it's possible to do this in Windows
MacOS X includes a few tools which may be helpful. You should look into the Accessibility framework, Automator actions, and AppleScript. You should also be aware of application-specific solutions; in the case of Word, for example, you might look at VBA (Visual Basic for Applications). All of these tools provide ways that you can modify the content of other applications. Unfortunately, the level of support for each one varies from one application to another, and the way they're used also varies. So, it's unlikely that you'll find a single solution that works for all applications.
It's unlikely that you'll find a way to insert events directly into another process's event queue. That'd be a huge security hole, for one thing. Even if you could do that, you really wouldn't be able to target specific windows with your events. Mac applications use a responder chain that sends keystrokes to the "first responder", usually a component of the active window.