The point: Script unsafe ActiveX in HTML pages opened in Pocket
Internet Explorer without compromising the device security.
Note about the downloads: All except "raw" contain also
newObjects ActiveX Pack1 and the NetStreams library to give you rich set of
components to use with AXGate.
The ActiveX Gateway (AXGate) is a specific solution for Pocket Internet
Explorer (PIE) that overcomes the limitations for the ActiveX scripting in it.
If you ever tried perhaps you already know about the problem - PIE silently
disallows any unsafe ActiveX usage in the HTML pages. In many cases it is quite
convenient to build some small applications or parts of applications as HTML
pages with some scripts in them. Obviously depending on the functionality
intended such pages will need some way to save or read data from local files,
data bases or even access other system resources such as registry and network.
Even many of the utility ActiveX which have no unsafe functionality are rarely
marked as safe because they are initially planned for server side usage (ASP for
example) or as components for development tools such as eVB/VB and others.
products and tools
Networking addition to ActiveX PAck1 family.
About 30 components for CE and desktop.
CE App manager Inovker
You may need this for your Pocket PC installations.
newObjects Development Library - combined documentation.
So, AXGate provides a simple but powerful solution that allows HTML pages to
perform complex operations in HTML pages. This may be extremely useful for
corporate and utility applications that are part of bigger systems. For example
very often you may need relatively small module working on a pocket device for
information collection and some simple queries over the data kept on the device.
Even if most of the work is done on a server or a desktop PC (after
synchronization for example) sometimes having part of the functionality on a
handheld is a must. AXGate gives you a very simple way to implement this. AXGate
also integrates with newObjects ActiveX Pack1 and NetStreams library. This in
turn gives you over 30 ActiveX ranging from file access to network. It is even
possible to implement a corporate WEB site that serves such small applications
that work on the device and make them capable of sending/requesting data to/from
the server in the background. Thus the opportunities are here - it is up to you
to decide if HTML pages with AXGate fit your needs or you need something bigger
such eVB, C++ or ALP to implement more complex solution.
AXGate is for Windows Mobile 2003 and later (also referred as Pocket PC 2003
in many places and non-oficial conversations). It is for PIE and will not run
with the full Internet Explorer even if the processor type is the same (The PIE
and IE provide a bit different interfaces to the ActiveX). Unfortunately Pocket
PC 2002 lacks some features and this trick is not possible there. For Pocket PC
2002 something can be done in theory but it wont run the way developers expect
and will require big deal of accommodations which is non-practical for older old
How it works?
In contrast to the security manager as we know it on the desktop IE an full
IE for Windows CE.NET AXGate works not on a per-object basis. Instead it uses
profiles which list a number of objects that can be created through it. The
authentication/permission request is done when the page activates the profile.
If a single profile is enough for all the work the page does, no matter how many
objects are created from it the user will be asked just once (if user
interaction is configured) or authentication will be done when the profile is
activated only (if password protection method is configured for the profile).
Thus the access to the components is in packets of classes grouped together by
means of their functionality and potential impact over the system
The profiles are kept in a configuration file named AXGate.cfg which must be
in the same directory where the AXGate.dll resides. There are several standard
profiles listing components from our popular DLLs such as newObjects ActiveX
Pack1 and NetStreams. The download packages in the header of this page contain
these DLL in order to provide you with fully functional solution with working
samples (note that there are some additional external samples in VBScript - you
may need the VB
runtimes from Microsoft in order to run them).
You can create your own profiles as needed. The standard profiles can be used
as base or examples, but we do not recommend changing them. We are trying to
establish something like a standard with them in order to allow wider usage of
the AXGate features. Another reason to not change them is their design - we
carefully estimated the functionality included and its security impact so they
are consistent as they are. Also using your own profiles (especially for company
specific applications) will minimize the security risks in case of wrong profile
configuration. This means that even if you made a mistake in the profile and
that mistake may lead to risky situations the attacker will need to know the
name of your profile - additional precaution is always a good idea today. see
more about the profiles in NDL and a little overview for the first time users
Aside of the COM classes list AXGate supports several useful features such as
creation of pre-configured objects. For example the LogFile profile contains a
class named "Log" which is not just a COM class listed there but a
section that specifies certain file on the device. When the page creates the
object "Log" it receives a SFStream object attached to that file. This
allows sandbox techniques. The standard profiles implement them to allow even
untrusted applications save/read data from your local file system, but only to
certain file or OLE storage. This allows extended functionality without risk to
harm the device - in the worst case a harmful page will only destroy the content
of that file and nothing else.
There are several samples included in the packages. They are all for PIE (the
sample pages will not work on PPC2002 or full IE). You can see how you can do a
lot of work from a page. Special attention deserves the DataCollect sample which
uses the Sandbox profile. Such a page can work from any site and still be able
to store a lot of information on your local device. However it can do this only
in the OLE storage specified in the profile. Assuming that the work you do with
the entire product (from which this page is a part) involves additional
processing on the device or even on a server or stand alone desktop machine -
you will need to access the stored information later. It is quite easy and there
are two very simple scripts (for newObjects Micro script host, but they can be
ported to anything else) that demonstrate how this can be done. Depending on the
structure of the application the best way may differ - from extraction of the
collected data at the end of the day for example to dynamic usage from other
parts of the application. For instance the OLE storage used by the profile can
be put in the file synchronization list of ActiveSync and processed upon
synchronization on the desktop. Well, there are too many opportunities to
describe them shortly.
Request for opinion!
This solution is for Pocket PC/Pocket IE only. However it seems reasonable to
expect some benefit of similar or extended solutions supporting not only PIE but
also the full Internet Explorer and desktops. Let say some kind of sandbox
technique that will allow complex work to be done on HTML pages. Making possible
to access the local resources in a restricted way but still making possible to
do things impossible without usage of unsafe ActiveX seems to be interesting. Of
course, this is not the way one will build a big and complex product, yet
running applications online and allowing them store data locally is quite
tempting as technique employed for some of their parts. With all the networking
today there are many cases in which certain employees will work detached from
the main office or the network. Doing everything online involves too much spending
- for all the active time. If it is possible to do part of this work offline it
will lower the costs considerably. AXGate demonstrates one more way to do so and
it is quite simple. May be extending the idea to something more flexible will be
interesting? We will be glad to hear
your opinions, needs and thoughts. There are certain technical specifics and
certain needs - finding out the balance between them and the actual needs may
lead to something useful.
AXGate is FREEWARE! You may include it with your solutions, build custom
applications that include it as long as not copyright markings are stripped. For
your convenience there is a raw download package that contains the
files without installation. Use it to obtain the DLL and the standard
configuration if you want to include them in your installations. In such case
you will probably need also newObjects ActiveX
Pack1 and may be NetStreams. See their
pages for the appropriate downloads (there are raw file downloads for all of