RE: [ACFUG Discuss] Client side
it was designed for self service? maybe it's our implementation Dave From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas KnudsenSent: Friday, October 27, 2006 2:33 PMTo: discussion@acfug.orgSubject: Re: [ACFUG Discuss] Client side On 10/27/06, Dave Bellevue <[EMAIL PROTECTED]> wrote: Because the machines are corporate assets, they are in a controlledenvironment. Formerly, our client machines all had the same corporate imageand all had the .net framework installed and security settings set to allow client side .net code (delivered via our web site) to get the info itneeded.If we are reading the machine name from the machine, why would there be adata quality issue?The more info we get from the machine, the better we are able to target that machine for applications that pertain to it - patch delivery, enforcinghardware requirements, etc. you mentioned you had marimba in use, use it, this is what marimba was designed for, eh? DK Maybe I don't understand your point of view?Dave-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dean H. SaxeSent: Friday, October 27, 2006 11:51 AMTo: discussion@acfug.orgSubject: Re: [ACFUG Discuss] Client sideWhich still doesn't address the quality of the data...Why do you need this info from the client? What is the deploymentscenario? Why should any user trust your applet/ActiveX control? Why isn't it spyware?-dhsDean H. Saxe, CISSP, CEH[EMAIL PROTECTED]"Free speech exercised both individually and through a free press, is a necessity in any country where people are themselves free." -- Theodore Roosevelt, 1918On Oct 27, 2006, at 11:49 AM, [EMAIL PROTECTED] wrote: > Signed Java Applet>> I've been away from CF for a while, but am coming back into MX7>>>> Need to know what is the best (and/or easiest) way run code on the>> client machine - we need to gather information from the registry, >> find things like the machine name (http header vars are not reliable)>> and determine if processes are running and then pass that info into a>> page.>>>> Thanks,>> Dave Bellevue >>>>>>>>>> ->> To unsubscribe from this list, manage your profile @>> http://www.acfug.org?fa=login.edituserform>>>> For more info, see http://www.acfug.org/mailinglists Archive @>> http://www.mail-archive.com/discussion%40acfug.org/>> List hosted by http://www.fusionlink.com>> - >>>>>>>>>>>> -> To unsubscribe from this list, manage your profile @> http://www.acfug.org?fa=login.edituserform>> For more info, see http://www.acfug.org/mailinglists Archive @> http://www.mail-archive.com/discussion%40acfug.org/> List hosted by http://www.fusionlink.com> -> >>-To unsubscribe from this list, manage your profile @http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com-- To unsubscribe from this list, manage your profile @http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com--- Douglas Knudsenhttp://www.cubicleman.com this is my signature, like it? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
RE: [ACFUG Discuss] Client side
I wonder if you could use something akin to the following to open CCM/LiveState and in the catch redirect the browser to a URL that would log the ip address and provide a howto on installing CCM/LS. It's not guaranteed to work based on security settings and OS path settings. I'm sure that you could get a guaranteed-to-work solution, but it probably won't be free. :) function openOutlook(){ try{ var oShell = new ActiveXObject("Shell.application"); oShell.ShellExecute("C:\\Program Files\\Microsoft Office\\Office\\OUTLOOK.EXE",""); } catch(e){ } } -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dave Bellevue Sent: Friday, October 27, 2006 2:33 PM To: discussion@acfug.org Subject: RE: [ACFUG Discuss] Client side We did the whole self-service app push thing with .net with great success. All we need to do is gather info from the machine, not alter it - Marimba will do that. I'm just looking for an alternate method. As an example, we checked for a running process to insure that the user had CCM/LiveState installed and running on their machine. If they didn't, they were directed on how to get it. I'm in agreement that patches shouldn't be self-service for a whole host of reasons and we do have other solutions for that... But management has other ideas. Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Friday, October 27, 2006 1:33 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Client side My POV is based upon the fact that anyone who receives the code can modify it to change the data that is being retrieved. Alternatively, they don't need to use the client side code (applet, for instance) in order to send data to the application. Just because you think they will only use it as prescribed doesn't mean it really will be... If you're looking to do patch management there are plenty of solutions out there. McAfee ePolicy Orchestrator (I work for a division of MFE), BigFix, Peregrine, etc... why not look for an existing solution? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "[U]nconstitutional behavior by the authorities is constrained only by the peoples' willingness to contest them" --John Perry Barlow On Oct 27, 2006, at 12:49 PM, Dave Bellevue wrote: > Because the machines are corporate assets, they are in a controlled > environment. Formerly, our client machines all had the same corporate > image and all had the .net framework installed and security settings > set to allow client side .net code (delivered via our web site) to get > the info it needed. > > If we are reading the machine name from the machine, why would there > be a data quality issue? > > The more info we get from the machine, the better we are able to > target that machine for applications that pertain to it - patch > delivery, enforcing hardware requirements, etc. > > Maybe I don't understand your point of view? > > Dave > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. > Saxe > Sent: Friday, October 27, 2006 11:51 AM > To: discussion@acfug.org > Subject: Re: [ACFUG Discuss] Client side > > Which still doesn't address the quality of the data... > > Why do you need this info from the client? What is the deployment > scenario? Why should any user trust your applet/ActiveX control? > Why isn't it spyware? > > -dhs > > > Dean H. Saxe, CISSP, CEH > [EMAIL PROTECTED] > "Free speech exercised both individually and through a free press, is > a necessity in any country where people are themselves free." > -- Theodore Roosevelt, 1918 > > > On Oct 27, 2006, at 11:49 AM, [EMAIL PROTECTED] wrote: > >> Signed Java Applet >>> I've been away from CF for a while, but am coming back into MX7 >>> >>> Need to know what is the best (and/or easiest) way run code on the >>> client machine - we need to gather information from the registry, >>> find things like the machine name (http header vars are not >>> reliable) >>> and determine if processes are running and then pass that info into >>> a page. >>> >>> Thanks, >>> Dave Bellevue >>> >>> >>> >>> >>> - >>> To unsubscribe from this list, manage your profile @ >>> http://www.acfug.org?fa=login.edituserform >>> >>> For more info, see http://www.acfug.org/mailinglists Archive @ >>> http://www.mail-archive.com/discussion%40acfug.org/ >>> List hosted b
RE: [ACFUG Discuss] Client side
We did the whole self-service app push thing with .net with great success. All we need to do is gather info from the machine, not alter it - Marimba will do that. I'm just looking for an alternate method. As an example, we checked for a running process to insure that the user had CCM/LiveState installed and running on their machine. If they didn't, they were directed on how to get it. I'm in agreement that patches shouldn't be self-service for a whole host of reasons and we do have other solutions for that... But management has other ideas. Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Friday, October 27, 2006 1:33 PM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Client side My POV is based upon the fact that anyone who receives the code can modify it to change the data that is being retrieved. Alternatively, they don't need to use the client side code (applet, for instance) in order to send data to the application. Just because you think they will only use it as prescribed doesn't mean it really will be... If you're looking to do patch management there are plenty of solutions out there. McAfee ePolicy Orchestrator (I work for a division of MFE), BigFix, Peregrine, etc... why not look for an existing solution? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "[U]nconstitutional behavior by the authorities is constrained only by the peoples' willingness to contest them" --John Perry Barlow On Oct 27, 2006, at 12:49 PM, Dave Bellevue wrote: > Because the machines are corporate assets, they are in a controlled > environment. Formerly, our client machines all had the same corporate > image and all had the .net framework installed and security settings > set to allow client side .net code (delivered via our web site) to get > the info it needed. > > If we are reading the machine name from the machine, why would there > be a data quality issue? > > The more info we get from the machine, the better we are able to > target that machine for applications that pertain to it - patch > delivery, enforcing hardware requirements, etc. > > Maybe I don't understand your point of view? > > Dave > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. > Saxe > Sent: Friday, October 27, 2006 11:51 AM > To: discussion@acfug.org > Subject: Re: [ACFUG Discuss] Client side > > Which still doesn't address the quality of the data... > > Why do you need this info from the client? What is the deployment > scenario? Why should any user trust your applet/ActiveX control? > Why isn't it spyware? > > -dhs > > > Dean H. Saxe, CISSP, CEH > [EMAIL PROTECTED] > "Free speech exercised both individually and through a free press, is > a necessity in any country where people are themselves free." > -- Theodore Roosevelt, 1918 > > > On Oct 27, 2006, at 11:49 AM, [EMAIL PROTECTED] wrote: > >> Signed Java Applet >>> I've been away from CF for a while, but am coming back into MX7 >>> >>> Need to know what is the best (and/or easiest) way run code on the >>> client machine - we need to gather information from the registry, >>> find things like the machine name (http header vars are not >>> reliable) >>> and determine if processes are running and then pass that info into >>> a page. >>> >>> Thanks, >>> Dave Bellevue >>> >>> >>> >>> >>> - >>> To unsubscribe from this list, manage your profile @ >>> http://www.acfug.org?fa=login.edituserform >>> >>> For more info, see http://www.acfug.org/mailinglists Archive @ >>> http://www.mail-archive.com/discussion%40acfug.org/ >>> List hosted by http://www.fusionlink.com >>> - >>> >>> >>> >>> >> >> >> >> - >> To unsubscribe from this list, manage your profile @ >> http://www.acfug.org?fa=login.edituserform >> >> For more info, see http://www.acfug.org/mailinglists Archive @ >> http://www.mail-archive.com/discussion%40acfug.org/ >> List hosted by http://www.fusionlink.com >> - >> >> >> > > > > - > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserf
Re: [ACFUG Discuss] Client side
On 10/27/06, Dave Bellevue <[EMAIL PROTECTED]> wrote: Because the machines are corporate assets, they are in a controlledenvironment. Formerly, our client machines all had the same corporate imageand all had the .net framework installed and security settings set to allow client side .net code (delivered via our web site) to get the info itneeded.If we are reading the machine name from the machine, why would there be adata quality issue?The more info we get from the machine, the better we are able to target that machine for applications that pertain to it - patch delivery, enforcinghardware requirements, etc.you mentioned you had marimba in use, use it, this is what marimba was designed for, eh? DK Maybe I don't understand your point of view?Dave-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dean H. SaxeSent: Friday, October 27, 2006 11:51 AMTo: discussion@acfug.orgSubject: Re: [ACFUG Discuss] Client sideWhich still doesn't address the quality of the data...Why do you need this info from the client? What is the deploymentscenario? Why should any user trust your applet/ActiveX control? Why isn't it spyware?-dhsDean H. Saxe, CISSP, CEH[EMAIL PROTECTED]"Free speech exercised both individually and through a free press, is a necessity in any country where people are themselves free." -- Theodore Roosevelt, 1918On Oct 27, 2006, at 11:49 AM, [EMAIL PROTECTED] wrote: > Signed Java Applet>> I've been away from CF for a while, but am coming back into MX7 Need to know what is the best (and/or easiest) way run code on the>> client machine - we need to gather information from the registry, >> find things like the machine name (http header vars are not reliable)>> and determine if processes are running and then pass that info into a>> page. Thanks,>> Dave Bellevue >> ->> To unsubscribe from this list, manage your profile @>> http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @>> http://www.mail-archive.com/discussion%40acfug.org/>> List hosted by http://www.fusionlink.com>> - -> To unsubscribe from this list, manage your profile @> http://www.acfug.org?fa=login.edituserform>> For more info, see http://www.acfug.org/mailinglists Archive @> http://www.mail-archive.com/discussion%40acfug.org/> List hosted by http://www.fusionlink.com> -> >>-To unsubscribe from this list, manage your profile @http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com-- To unsubscribe from this list, manage your profile @http://www.acfug.org?fa=login.edituserformFor more info, see http://www.acfug.org/mailinglistsArchive @ http://www.mail-archive.com/discussion%40acfug.org/List hosted by http://www.fusionlink.com--- Douglas Knudsenhttp://www.cubicleman.com this is my signature, like it? - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
Re: [ACFUG Discuss] Client side
BTW, my concerns may be over the top for you. I'm sharing some thoughts, but you probably know your environment better than I do, so they may not apply directly. However, don't underestimate what your users know and can or cannot do. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "[U]nconstitutional behavior by the authorities is constrained only by the peoples' willingness to contest them" --John Perry Barlow On Oct 27, 2006, at 1:33 PM, Dean H. Saxe wrote: My POV is based upon the fact that anyone who receives the code can modify it to change the data that is being retrieved. Alternatively, they don't need to use the client side code (applet, for instance) in order to send data to the application. Just because you think they will only use it as prescribed doesn't mean it really will be... If you're looking to do patch management there are plenty of solutions out there. McAfee ePolicy Orchestrator (I work for a division of MFE), BigFix, Peregrine, etc... why not look for an existing solution? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "[U]nconstitutional behavior by the authorities is constrained only by the peoples' willingness to contest them" --John Perry Barlow On Oct 27, 2006, at 12:49 PM, Dave Bellevue wrote: Because the machines are corporate assets, they are in a controlled environment. Formerly, our client machines all had the same corporate image and all had the .net framework installed and security settings set to allow client side .net code (delivered via our web site) to get the info it needed. If we are reading the machine name from the machine, why would there be a data quality issue? The more info we get from the machine, the better we are able to target that machine for applications that pertain to it - patch delivery, enforcing hardware requirements, etc. Maybe I don't understand your point of view? Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Friday, October 27, 2006 11:51 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Client side Which still doesn't address the quality of the data... Why do you need this info from the client? What is the deployment scenario? Why should any user trust your applet/ActiveX control? Why isn't it spyware? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "Free speech exercised both individually and through a free press, is a necessity in any country where people are themselves free." -- Theodore Roosevelt, 1918 On Oct 27, 2006, at 11:49 AM, [EMAIL PROTECTED] wrote: Signed Java Applet I've been away from CF for a while, but am coming back into MX7 Need to know what is the best (and/or easiest) way run code on the client machine - we need to gather information from the registry, find things like the machine name (http header vars are not reliable) and determine if processes are running and then pass that info into a page. Thanks, Dave Bellevue - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Client side
My POV is based upon the fact that anyone who receives the code can modify it to change the data that is being retrieved. Alternatively, they don't need to use the client side code (applet, for instance) in order to send data to the application. Just because you think they will only use it as prescribed doesn't mean it really will be... If you're looking to do patch management there are plenty of solutions out there. McAfee ePolicy Orchestrator (I work for a division of MFE), BigFix, Peregrine, etc... why not look for an existing solution? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "[U]nconstitutional behavior by the authorities is constrained only by the peoples' willingness to contest them" --John Perry Barlow On Oct 27, 2006, at 12:49 PM, Dave Bellevue wrote: Because the machines are corporate assets, they are in a controlled environment. Formerly, our client machines all had the same corporate image and all had the .net framework installed and security settings set to allow client side .net code (delivered via our web site) to get the info it needed. If we are reading the machine name from the machine, why would there be a data quality issue? The more info we get from the machine, the better we are able to target that machine for applications that pertain to it - patch delivery, enforcing hardware requirements, etc. Maybe I don't understand your point of view? Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Friday, October 27, 2006 11:51 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Client side Which still doesn't address the quality of the data... Why do you need this info from the client? What is the deployment scenario? Why should any user trust your applet/ActiveX control? Why isn't it spyware? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "Free speech exercised both individually and through a free press, is a necessity in any country where people are themselves free." -- Theodore Roosevelt, 1918 On Oct 27, 2006, at 11:49 AM, [EMAIL PROTECTED] wrote: Signed Java Applet I've been away from CF for a while, but am coming back into MX7 Need to know what is the best (and/or easiest) way run code on the client machine - we need to gather information from the registry, find things like the machine name (http header vars are not reliable) and determine if processes are running and then pass that info into a page. Thanks, Dave Bellevue - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
RE: [ACFUG Discuss] Client side
Because the machines are corporate assets, they are in a controlled environment. Formerly, our client machines all had the same corporate image and all had the .net framework installed and security settings set to allow client side .net code (delivered via our web site) to get the info it needed. If we are reading the machine name from the machine, why would there be a data quality issue? The more info we get from the machine, the better we are able to target that machine for applications that pertain to it - patch delivery, enforcing hardware requirements, etc. Maybe I don't understand your point of view? Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Friday, October 27, 2006 11:51 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Client side Which still doesn't address the quality of the data... Why do you need this info from the client? What is the deployment scenario? Why should any user trust your applet/ActiveX control? Why isn't it spyware? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "Free speech exercised both individually and through a free press, is a necessity in any country where people are themselves free." -- Theodore Roosevelt, 1918 On Oct 27, 2006, at 11:49 AM, [EMAIL PROTECTED] wrote: > Signed Java Applet >> I've been away from CF for a while, but am coming back into MX7 >> >> Need to know what is the best (and/or easiest) way run code on the >> client machine - we need to gather information from the registry, >> find things like the machine name (http header vars are not reliable) >> and determine if processes are running and then pass that info into a >> page. >> >> Thanks, >> Dave Bellevue >> >> >> >> >> - >> To unsubscribe from this list, manage your profile @ >> http://www.acfug.org?fa=login.edituserform >> >> For more info, see http://www.acfug.org/mailinglists Archive @ >> http://www.mail-archive.com/discussion%40acfug.org/ >> List hosted by http://www.fusionlink.com >> - >> >> >> >> > > > > - > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists Archive @ > http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > - > > > - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Client side
John, Signed applets don't really help address security issues. Sure, they ensure the code wasn't tampered with if the signature is valid. Nothing says I can't rip the signature off and modify the classes by either decompilation/recompilation or directly modifying the bytecode. Nothing prevents me from sending invalid data to the server without the applet. Signing is simply a method of performing servlet authentication. You still need to push java.policy files down to the client to allow the particular signed applet classes to be able to read from the registry, for instance. This may open some security vulnerabilities, if not done correctly. If you have GPO this can be done quite easily, but if you're using machines which don't run .Net, it sounds like you're probably SOL here. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "If liberty means anything at all, it means the right to tell people what they do not want to hear." -- George Orwell, 1945 On Oct 27, 2006, at 12:41 PM, [EMAIL PROTECTED] wrote: http://java.sun.com/developer/technicalArticles/Security/Signed/ with the assumption that the client machines have java installed. Short story is that we 'deliver' applications to machines in a corporate environment by initiating pulls via Marimba. We were doing this with .NET, and were able to gather information about the machine and verify that all the things were in place before a user requested an app - getting the machine name allowed us to track what was delivered, verifying that the correct processes were running so that the app would actually be delivered, a value stored in the registry told us that the machine was actually a valid corporate image. In this 'new' environment, we don't have the .net framework installed on the client side, and have machines that may not even be able to run it... Currently we aren't able to get ANY info off of the client. The more information we are able to gather, the better we can target the machine. Make any sense? Thanks, Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Friday, October 27, 2006 11:03 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Client side You can't trust any client side information... so why are HTTP headers any less reliable than getting data from the registry? Also, what kind of data you get depends on the access level of the user. I wouldn't let just any code run client side and collect that type of information, its usually a hallmark of spyware. What exactly are you trying to do? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "To announce that there must be no criticism of the president, or that we are to stand by the president right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public." -- Theodore Roosevelt On Oct 27, 2006, at 10:45 AM, Dave Bellevue wrote: I've been away from CF for a while, but am coming back into MX7 Need to know what is the best (and/or easiest) way run code on the client machine - we need to gather information from the registry, find things like the machine name (http header vars are not reliable) and determine if processes are running and then pass that info into a page. Thanks, Dave Bellevue - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
RE: [ACFUG Discuss] Client side
Would something like this be useful? http://www.belarc.com/free_download.html mcg Dave Bellevue <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 10/27/2006 12:03 PM Please respond to discussion@acfug.org To discussion@acfug.org cc Subject RE: [ACFUG Discuss] Client side Short story is that we 'deliver' applications to machines in a corporate environment by initiating pulls via Marimba. We were doing this with .NET, and were able to gather information about the machine and verify that all the things were in place before a user requested an app - getting the machine name allowed us to track what was delivered, verifying that the correct processes were running so that the app would actually be delivered, a value stored in the registry told us that the machine was actually a valid corporate image. In this 'new' environment, we don't have the .net framework installed on the client side, and have machines that may not even be able to run it... Currently we aren't able to get ANY info off of the client. The more information we are able to gather, the better we can target the machine. Make any sense? Thanks, Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Friday, October 27, 2006 11:03 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Client side You can't trust any client side information... so why are HTTP headers any less reliable than getting data from the registry? Also, what kind of data you get depends on the access level of the user. I wouldn't let just any code run client side and collect that type of information, its usually a hallmark of spyware. What exactly are you trying to do? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "To announce that there must be no criticism of the president, or that we are to stand by the president right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public." -- Theodore Roosevelt On Oct 27, 2006, at 10:45 AM, Dave Bellevue wrote: > I've been away from CF for a while, but am coming back into MX7 > > Need to know what is the best (and/or easiest) way run code on the > client machine - we need to gather information from the registry, find > things like the machine name (http header vars are not reliable) and > determine if processes are running and then pass that info into a > page. > > Thanks, > Dave Bellevue > > > > > - > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists Archive @ > http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > - > > > - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by FusionLink -
RE: [ACFUG Discuss] Client side
http://java.sun.com/developer/technicalArticles/Security/Signed/ with the assumption that the client machines have java installed. > Short story is that we 'deliver' applications to machines in a corporate > environment by initiating pulls via Marimba. > > We were doing this with .NET, and were able to gather information about > the > machine and verify that all the things were in place before a user > requested > an app - getting the machine name allowed us to track what was delivered, > verifying that the correct processes were running so that the app would > actually be delivered, a value stored in the registry told us that the > machine was actually a valid corporate image. > > In this 'new' environment, we don't have the .net framework installed on > the > client side, and have machines that may not even be able to run it... > Currently we aren't able to get ANY info off of the client. > > The more information we are able to gather, the better we can target the > machine. > > Make any sense? > > Thanks, > Dave > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe > Sent: Friday, October 27, 2006 11:03 AM > To: discussion@acfug.org > Subject: Re: [ACFUG Discuss] Client side > > You can't trust any client side information... so why are HTTP headers any > less reliable than getting data from the registry? Also, > what kind of data you get depends on the access level of the user. > I wouldn't let just any code run client side and collect that type of > information, its usually a hallmark of spyware. > > What exactly are you trying to do? > > -dhs > > > Dean H. Saxe, CISSP, CEH > [EMAIL PROTECTED] > "To announce that there must be no criticism of the president, or that we > are to stand by the president right or wrong, is not only unpatriotic and > servile, but is morally treasonable to the American public." > -- Theodore Roosevelt > > > On Oct 27, 2006, at 10:45 AM, Dave Bellevue wrote: > >> I've been away from CF for a while, but am coming back into MX7 >> >> Need to know what is the best (and/or easiest) way run code on the >> client machine - we need to gather information from the registry, find >> things like the machine name (http header vars are not reliable) and >> determine if processes are running and then pass that info into a >> page. >> >> Thanks, >> Dave Bellevue >> >> >> >> >> - >> To unsubscribe from this list, manage your profile @ >> http://www.acfug.org?fa=login.edituserform >> >> For more info, see http://www.acfug.org/mailinglists Archive @ >> http://www.mail-archive.com/discussion%40acfug.org/ >> List hosted by http://www.fusionlink.com >> - >> >> >> > > > > - > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists Archive @ > http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > - > > > > > > > > > - > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > - > > > > - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Client side
Sure it makes sense. But the quality of data is questionable any time you depend on a client-side app. -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "To announce that there must be no criticism of the president, or that we are to stand by the president right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public." -- Theodore Roosevelt On Oct 27, 2006, at 12:03 PM, Dave Bellevue wrote: Short story is that we 'deliver' applications to machines in a corporate environment by initiating pulls via Marimba. We were doing this with .NET, and were able to gather information about the machine and verify that all the things were in place before a user requested an app - getting the machine name allowed us to track what was delivered, verifying that the correct processes were running so that the app would actually be delivered, a value stored in the registry told us that the machine was actually a valid corporate image. In this 'new' environment, we don't have the .net framework installed on the client side, and have machines that may not even be able to run it... Currently we aren't able to get ANY info off of the client. The more information we are able to gather, the better we can target the machine. Make any sense? Thanks, Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Friday, October 27, 2006 11:03 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Client side You can't trust any client side information... so why are HTTP headers any less reliable than getting data from the registry? Also, what kind of data you get depends on the access level of the user. I wouldn't let just any code run client side and collect that type of information, its usually a hallmark of spyware. What exactly are you trying to do? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "To announce that there must be no criticism of the president, or that we are to stand by the president right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public." -- Theodore Roosevelt On Oct 27, 2006, at 10:45 AM, Dave Bellevue wrote: I've been away from CF for a while, but am coming back into MX7 Need to know what is the best (and/or easiest) way run code on the client machine - we need to gather information from the registry, find things like the machine name (http header vars are not reliable) and determine if processes are running and then pass that info into a page. Thanks, Dave Bellevue - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Client side
Which still doesn't address the quality of the data... Why do you need this info from the client? What is the deployment scenario? Why should any user trust your applet/ActiveX control? Why isn't it spyware? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "Free speech exercised both individually and through a free press, is a necessity in any country where people are themselves free." -- Theodore Roosevelt, 1918 On Oct 27, 2006, at 11:49 AM, [EMAIL PROTECTED] wrote: Signed Java Applet I've been away from CF for a while, but am coming back into MX7 Need to know what is the best (and/or easiest) way run code on the client machine - we need to gather information from the registry, find things like the machine name (http header vars are not reliable) and determine if processes are running and then pass that info into a page. Thanks, Dave Bellevue - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
RE: [ACFUG Discuss] Client side
Was thinking something like that, although I'm not a Java developer As I remember, CF used to come with some stuff that would be delivered to the client machine for stuff like graphs (?)... Sounds like there's nothing like that that would do what I need that comes with MX7? Thanks... Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 27, 2006 11:50 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Client side Signed Java Applet > I've been away from CF for a while, but am coming back into MX7 > > Need to know what is the best (and/or easiest) way run code on the > client machine - we need to gather information from the registry, find > things like the machine name (http header vars are not reliable) and > determine if processes are running and then pass that info into a > page. > > Thanks, > Dave Bellevue > > > > > - > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists Archive @ > http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > - > > > > - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
RE: [ACFUG Discuss] Client side
Short story is that we 'deliver' applications to machines in a corporate environment by initiating pulls via Marimba. We were doing this with .NET, and were able to gather information about the machine and verify that all the things were in place before a user requested an app - getting the machine name allowed us to track what was delivered, verifying that the correct processes were running so that the app would actually be delivered, a value stored in the registry told us that the machine was actually a valid corporate image. In this 'new' environment, we don't have the .net framework installed on the client side, and have machines that may not even be able to run it... Currently we aren't able to get ANY info off of the client. The more information we are able to gather, the better we can target the machine. Make any sense? Thanks, Dave -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dean H. Saxe Sent: Friday, October 27, 2006 11:03 AM To: discussion@acfug.org Subject: Re: [ACFUG Discuss] Client side You can't trust any client side information... so why are HTTP headers any less reliable than getting data from the registry? Also, what kind of data you get depends on the access level of the user. I wouldn't let just any code run client side and collect that type of information, its usually a hallmark of spyware. What exactly are you trying to do? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "To announce that there must be no criticism of the president, or that we are to stand by the president right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public." -- Theodore Roosevelt On Oct 27, 2006, at 10:45 AM, Dave Bellevue wrote: > I've been away from CF for a while, but am coming back into MX7 > > Need to know what is the best (and/or easiest) way run code on the > client machine - we need to gather information from the registry, find > things like the machine name (http header vars are not reliable) and > determine if processes are running and then pass that info into a > page. > > Thanks, > Dave Bellevue > > > > > - > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists Archive @ > http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > - > > > - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
RE: [ACFUG Discuss] Client side
Coldfusion would have to be running on the client machine and you'd have to use cfregistry tag. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dave Bellevue Sent: Friday, October 27, 2006 10:46 AM To: discussion@acfug.org Subject: [ACFUG Discuss] Client side I've been away from CF for a while, but am coming back into MX7 Need to know what is the best (and/or easiest) way run code on the client machine - we need to gather information from the registry, find things like the machine name (http header vars are not reliable) and determine if processes are running and then pass that info into a page. Thanks, Dave Bellevue - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Client side
Signed Java Applet > I've been away from CF for a while, but am coming back into MX7 > > Need to know what is the best (and/or easiest) way run code on the client > machine - we need to gather information from the registry, find things > like > the machine name (http header vars are not reliable) and determine if > processes are running and then pass that info into a page. > > Thanks, > Dave Bellevue > > > > > - > To unsubscribe from this list, manage your profile @ > http://www.acfug.org?fa=login.edituserform > > For more info, see http://www.acfug.org/mailinglists > Archive @ http://www.mail-archive.com/discussion%40acfug.org/ > List hosted by http://www.fusionlink.com > - > > > > - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
re: [ACFUG Discuss] Client side
I'd suggest VBScript? http://p2p.wrox.com/topic.asp?TOPIC_ID=2759 /m > I've been away from CF for a while, but am coming back into MX7 Need to know what is the best (and/or easiest) way run code on the client machine - we need to gather information from the registry, find things like the machine name (http header vars are not reliable) and determine if processes are running and then pass that info into a page. Thanks, Dave Bellevue - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - < Mischa Uppelschoten The Banker's Exchange, Inc. 2020 Hills Avenue NW Atlanta, GA 30318 Phone:(404) 605-0100 ext. 10 Fax:(404) 355-7930 Web:www.BankersX.com Follow this link for Instant Web Chat: http://www.bankersx.com/Contact/chat.cfm?Queue=MUPPELSCHOTEN - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
Re: [ACFUG Discuss] Client side
You can't trust any client side information... so why are HTTP headers any less reliable than getting data from the registry? Also, what kind of data you get depends on the access level of the user. I wouldn't let just any code run client side and collect that type of information, its usually a hallmark of spyware. What exactly are you trying to do? -dhs Dean H. Saxe, CISSP, CEH [EMAIL PROTECTED] "To announce that there must be no criticism of the president, or that we are to stand by the president right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public." -- Theodore Roosevelt On Oct 27, 2006, at 10:45 AM, Dave Bellevue wrote: I've been away from CF for a while, but am coming back into MX7 Need to know what is the best (and/or easiest) way run code on the client machine - we need to gather information from the registry, find things like the machine name (http header vars are not reliable) and determine if processes are running and then pass that info into a page. Thanks, Dave Bellevue - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com - - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -
[ACFUG Discuss] Client side
I've been away from CF for a while, but am coming back into MX7 Need to know what is the best (and/or easiest) way run code on the client machine - we need to gather information from the registry, find things like the machine name (http header vars are not reliable) and determine if processes are running and then pass that info into a page. Thanks, Dave Bellevue - To unsubscribe from this list, manage your profile @ http://www.acfug.org?fa=login.edituserform For more info, see http://www.acfug.org/mailinglists Archive @ http://www.mail-archive.com/discussion%40acfug.org/ List hosted by http://www.fusionlink.com -