RAM Disk
in [MFC]
|
Prev: SetGet control input
Next: Copy constructor
From: Goran on 11 May 2010 03:14 On May 10, 2:13 pm, "vvf" <v...(a)vvf.com> wrote: > "Goran" <goran.pu...(a)gmail.com> wrote in message > > news:22ebf116-55a4-4338-b0fc-55a347144285(a)a34g2000yqn.googlegroups.com... > On May 10, 10:36 am, "vvf" <v...(a)vvf.com> wrote: > > > Hi All, > > > ==Problem statement== > > > I have a MFC application that hosts a CDHtmlDialog window responsable with > > navigating through a series of HTML files stored on the local disk drive. > > The HTML files refer to some PNG images as well. I would like to ensure > > access to these HTML files and their associated PNG files ONLY through my > > application. In other words, I don't want the user to be able to use the > > local browser to open them and/or copy them somewhere else. > > This obviously begs the question: why? > > The application is not free. A lot of the "value" that the application > provides is in the HTML files (by means of their content). First, did your users pay for your app, one way or another? If so, the "value" is theirs. Second, do you e.g. have an EULA, where you say "this program contains copyrighted digital content; any use out of what's described by this EULA is considered copyright violation?" Perhaps you should try this first. Perhaps you should say to people outright "I don't want you to use these images you bought and have on your computer", see how that pans out first. You see where I am going with this? I think that you're going overboard. And I also want to add: "application is not free" does not mean "I get to tell you what you can do with it" (it looks to me that you are in these waters). > Therefore, I don't want the users to be able to just copy the HTML files, > e-mail them or whatever they would do to "share" them. > > > Why do you think that your users should put up with such a program? > > My only requirement is for people to just execute the "main .exe" file of > the program. This not only provides "context" for the HTML files, > but is the only "supported" scenario for this application to run. I don't > see why this would be such a huge problem as to wonder why a user > should "put up" with something like this. Yes, I went overboard there, sorry about that. > > > If your "base" url is "res://MyApp.exe/myfile.html", then e.g. <img > > src="myimage.png...> should do it. BTW, using numeric identifiers is a > > PITA in this situation, don't toorture yourself. > > Thanks for your suggestion. For some reason, I thought I tried that but it > didn't work. I will try it again and come back with some results. Hmmm... In your resources, you can have something like: Pic.gif HTML "res\Pic.gif" Pic.png HTML "res\Pic.png" In your *.html, you can have something like: .... <img src="pic.gif" /> <img src="pic.png" /> .... I just tried that, it works. (IE8 on 64-bit Vista, but my exe was 32- bit one). > > Attempt 2. Encrypt/archive the HTML files and images. When the application > > runs, it decrypts/decompresses the HTML and images and when the user exits > > the application, it re-encrypts/re-compresses the files. > > This is completely different from your first idea. With your first > > idea, there's no "protection" at all. Your user can still open the > > *.exe from a resource editor and see all your stuff. You seriously > > mixed apples and oranges. > > OK. I should have been a little bit more clear: > > > That said, question is: who are you protecting yourself from? > > I just don't want the HTML files to be copied somewhere else or be sent to > somebody else. Your first idea was to put them in resources. That's easily taken out of the *.exe. Note also that you users can right-click on the image viewed in your dialog's HTML and say "save picture as". What then? If you try to outsmart them with scripting, they can turn scripting off, and you can't control that. Please listen to Joe and me (and I am sure other people here will tell you roughly the same) and don't put effort in this. In my opinion, this is silly. Spent your time working on functionality, not on user control. Goran.
From: vvf on 11 May 2010 04:45 Hi Goran, > Hmmm... In your resources, you can have something like: > Pic.gif HTML "res\Pic.gif" > Pic.png HTML "res\Pic.png" > In your *.html, you can have something like: > ... > <img src="pic.gif" /> > <img src="pic.png" /> > ... > I just tried that, it works. (IE8 on 64-bit Vista, but my exe was 32- > bit one). You are right. That works. However, what I can't get to work is to actually link to a HTML file. For example, if I do: test.html HTML "myTest.html", and then I do <A HREF="test.html">Test</A> it doesn't work. It only works if I use the resource ID (i.e., #id_number). > Your first idea was to put them in resources. That's easily taken out > of the *.exe. Not if I compress the .exe with an in-place decompressor when the file runs. See for example upx. > Note also that you users can right-click on the image > viewed in your dialog's HTML and say "save picture as". What then? They can't. I added a transparent layer on top of the picture. :) > If you try to outsmart them with scripting, they can turn scripting off, > and you can't control that. Right, I understand that I shouldn't "fight" the user like that. It is just asking for trouble. Thanks for all your suggestions. > Please listen to Joe and me (and I am sure other people here will tell > you roughly the same) and don't put effort in this. In my opinion, > this is silly. Spent your time working on functionality, not on user > control. I will. Thanks a lot for everything! vvf __________ Information from ESET Smart Security, version of virus signature database 5103 (20100510) __________ The message was checked by ESET Smart Security. http://www.eset.com
From: vvf on 11 May 2010 04:51 Hi Joe, Thanks for your message. > **** > What does any of this have to do with the concept of a RAM disk? Nothing > whatsoever, as > far as I can tell. > **** Well, I naively thought that I could just start with all the files compressed and then uncompress them to a "RAM disk" that would only be visible to my application but I thought about it more and that just doesn't make any sense... vvf __________ Information from ESET Smart Security, version of virus signature database 5103 (20100510) __________ The message was checked by ESET Smart Security. http://www.eset.com
From: vvf on 11 May 2010 05:42 > You are right. That works. However, what I can't get to work is to > actually > link to a HTML file. > > For example, if I do: > > test.html HTML "myTest.html", > > and then I do > > <A HREF="test.html">Test</A> > > it doesn't work. It only works if I use the resource ID (i.e., > #id_number). > Well, it seems that it doesn't work if I have a file of the form x.y.htm; In other words, it only works as x.htm (i.e., one period, not more than one.) vvf __________ Information from ESET Smart Security, version of virus signature database 5103 (20100510) __________ The message was checked by ESET Smart Security. http://www.eset.com
From: Goran on 11 May 2010 05:53
On May 11, 10:45 am, "vvf" <v...(a)vvf.com> wrote: > Hi Goran, > > > Hmmm... In your resources, you can have something like: > > Pic.gif HTML "res\Pic.gif" > > Pic.png HTML "res\Pic.png" > > In your *.html, you can have something like: > > ... > > <img src="pic.gif" /> > > <img src="pic.png" /> > > ... > > I just tried that, it works. (IE8 on 64-bit Vista, but my exe was 32- > > bit one). > > You are right. That works. However, what I can't get to work is to actually > link to a HTML file. > > For example, if I do: > > test.html HTML "myTest.html", > > and then I do > > <A HREF="test.html">Test</A> > > it doesn't work. It only works if I use the resource ID (i.e., #id_number). this worked for me: *.rc otherPage.htm HTML "otherPage.htm" *.htm <a href="otherPage.htm">link text</a> Of course, this only displays HTML within the confines of the dialog, which might not be what you're expecting. > > > Your first idea was to put them in resources. That's easily taken out > > of the *.exe. > > Not if I compress the .exe with an in-place decompressor when the file runs. > See for example upx. Your users can do same thing (decompress what's inside). > > > Note also that you users can right-click on the image > > viewed in your dialog's HTML and say "save picture as". What then? > > They can't. I added a transparent layer on top of the picture. :) They can edit resources inside the *.exe (e.g. first, "View Source", then go and change the *.html) so that said transparent layer does not cover it. BTW, if you really only want to "keep honest people honest", perhaps putting your stuff in a bit more obscure location (e.g. CSIDL_COMMON_APPDATA\your_company\your_program\put_it_here) could do the trick. But normally, you should be able to get away with "all html in resources" approach. I don't understand why you are having problems with img and a, it's rather straightforward, I just tried on a test project. (I too, just like Joe, think that CDhtmlDialog is a dumb idea). Goran. |