Developing Web Applications |
ActiveX controls can be used either to customize the user interface, or as “plug-in” applications (such as the Macromedia Shockwave animation control and the RealNetworks streaming audio/video player). ActiveX controls can perform a variety of tasks, from navigation to real-time interaction with stock quotes. They can be written in any language that supports COM Automation, including Microsoft® Visual Basic®, C++, Java, or even COmmon Business Oriented Language (COBOL).
ActiveX controls can be embedded into the HTML page by using the HTML <OBJECT> tag. If the control does not exist on the user’s system, it can be downloaded using the URL specified in the CODEBASE attribute (see the following example). The <OBJECT> tag also supports component versioning. Once the control is downloaded and installed, the browser continues to use the cached control until an updated version is available on the server. The following example demonstrates the CODEBASE attribute:
<OBJECT ID="BoomButton" WIDTH=225 HEIGHT=35
CLASSID="clsid:56F1BF40-B2D0-11d0-A6D6-00AA00A70FC2"
CODEBASE="http://domain.microsoft.com/AControl.cab#Version=1,0,0,1">
</OBJECT>
A malicious ActiveX control could perform potentially destructive actions on the user’s computer, such as erasing data from the hard drive. To help users determine whether a control is safe to use, Microsoft has developed security guidelines for vendors to follow when releasing a control. A control should identify its creator with a “signature” issued by a well-known security authority, such as VeriSign. Microsoft® Authenticode™, the company’s code-signing technology, assures accountability and authenticity for software components distributed on the Internet. Only the original owner can modify a signed control, which prevents tampering by third parties. (For more information about Authenticode and code-signing, see http://www.microsoft.com/security/default.asp.)
As of this writing, only Microsoft® Internet Explorer 3.0 or later includes native support for ActiveX controls. Because of this, ActiveX controls are probably most useful for intranet sites or sites created especially for Internet Explorer users.
Case Study of a Web Application
Microsoft recently introduced a new means of filing employee expense reports. The old system required employees to prepare expense report forms, attach receipts, and submit them to their managers, who would review the forms and submit them to the accounting department. Mistakes were common, and forms often had to be resubmitted. Once the paperwork was finished, the reports were painstakingly entered into a database. To eliminate some of the problems with the existing system, the accounting department introduced a Web application to control and streamline the employee reimbursement process. The new application allows the employee to report expenses using a Microsoft® Excel worksheet modeled after the paper version of the old form. The worksheet, after it has been downloaded to the user’s browser, validates the data as it is submitted, catching most user errors up front. When the documents are ready, the electronic form can be routed to the employee’s manager by e-mail. After the manager approves the form, a copy is returned to the accounts department and an approval notification is sent to the employee. The accounting department then performs all of its final work online, saving considerable time and effort. The new expense-reporting system effectively:
Payoffs such as these are a common theme in most Web applications. A welldesigned application can improve the way you work by being available wherever there’s a browser. |