VB:获取编译的DLL的调用应用程序信息；COM安全 [英] VB: get compiled DLL's calling application info; COM security

问题描述

通过COM，可以潜在地获得对目标系统的绝对控制.例如:在IE中使用javascript的ActiveXObject对象，可以创建某些对象，这些对象旨在直接访问或与系统属性和文件进行交互.有人认为，常识要求用户在安装浏览器后立即禁用IE中的ActiveX功能，以确保他们的系统在网上冲浪时受到保护，或者至少密切关注他们允许的网站.但是，我怀疑许多普通的PC用户知道如何或为什么这样做，或者只是厌倦了随着时间的推移进行微操作.我认为任何PC用户或管理我的COM类的人都将非常感激不必处理这些.幸运的是，如今，IE版本似乎已默认禁用了ActiveX.

Through COM, one can potentially gain absolute control over a target system. For example: using javascript's ActiveXObject object in IE, one can create certain objects which were designed to have direct access or interaction with system properties and files. One would think common sense dictates users disable ActiveX features in IE immediately after installing the browser to ensure their system is protected while surfing the net, or at least paying close attention to which websites they permit. But, I doubt many average PC users know how or why to do this, or just get tired of mirco-managing it over time. I think any PC user or admin my COM class caters to would greatly appreciate not having to deal with that. Thankfully it looks like IE versions come packaged with ActiveX disabled by default nowadays.

我已经在VB中构建了非常通用的COM类库.我不打算在任何网站上都可以调用它，但是该功能只是COM平台的一部分.我想防止从IE调用该库，除非该网站位于白名单上，以主动保护用户(并最终保护他们的整个Intranet)免受恶意网站的伤害.在VB.Net中，最好的方法是告诉哪个应用程序调用了我的DLL，从而能够判断该应用程序是否是从IE发出的任何命令或进程中调用的?而且，哪个域称为我的dll?

I've built a very versatile COM class library in VB. I didn't intend for it to be callable from any website, but that feature is just part of the COM platform. I'd like to prevent the library from being called from IE unless the website is on a white-listed domain to proactively protect the user (and ultimately their entire intranet) from harm from malicious websites. What would be the best method in VB.Net to tell which application called my DLL, to be able to tell if it was called from any command or process originating from IE? And, what domain called my dll?

我相信这可能是重复的.请参阅:调用程序集以获取应用程序名称VB.NET

I believe this might be a duplicate. See: Calling Assembly to get Application Name VB.NET

System.Environment.GetCommandLineArgs()(0)为我提供了调用应用程序的路径.通过此信息，我可以将其与应用程序的黑/白名单进行比较.问题现在解决了.

System.Environment.GetCommandLineArgs()(0) gets me the calling application path. With this info, I can compare it to a black/white-list of applications. Problem solved for now.

推荐答案

不要将控件标记为脚本安全".

Don't mark the control as Safe for Scripting.

默认安全设置将不允许编写此类控件的脚本.

Default security settings will not allow such controls to be scripted.

这篇关于VB:获取编译的DLL的调用应用程序信息；COM安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！