We are providing the following information for users who decide they would like to use our components for Internet or Intranet applications. It is actually information extracted from the Microsoft Developer Network regarding ActiveX components. In many places the information below references older versions of their DLLs and development tools. Be aware that these change and that information regarding the actual DLLs that you need to include are provided in the release notes if you are a registered user. Note that all Global Majic ActiveX components are digitally signed and marked as "safe for download".

Microsoft Developer Network

When using your component on a Web page, there are additional considerations. The .ocx file and all supporting files must be on the target machine or downloaded across the Internet. This makes code size and download time an important consideration. Downloads can be packaged in a signed .cab file.

Packaging Code for Downloading

The CODEBASE Tag

ActiveX components are embedded in Web pages using the <OBJECT> tag. The CODEBASE parameter of the <OBJECT> tag specifies the location from which to download the component. CODEBASE can point at a number of different file types successfully.

Using the CODEBASE Tag with an OCX File

CODEBASE="http://www.mysite.com/mycontrol.ocx#version=4,70,0,1086"

This solution downloads only the components .ocx file and requires any supporting DLLs to already be installed on the client machine. This will work for Internet Explorer 3.0 and MFC ActiveX components built with Visual C++ 4.0 and 4.1, since Internet Explorer 3.0 ships with the supporting DLLs for Visual C++ 4.0 and 4.1 components. If another Internet browser that is ActiveX component-capable is used to view this component, this solution will not work.

Using the CODEBASE Tag with an INF File

CODEBASE="http://www.mysite.com/trustme.inf"

An .inf file will control the installation of an .ocx file and its supporting files. This method is not recommended because it is not possible to sign an .inf file (see Signing Code for pointers on code signing).

Using the CODEBASE Tag with a CAB File

CODEBASE="http://www.somesite.com/acontrol.cab#version=1,2,0,0"

Cabinet files are the recommended way to package ActiveX components that use MFC. Packaging an MFC ActiveX component in a cabinet file allows an .inf file to be included to component installation of the ActiveX component and any dependent DLLs (such as the MFC DLLs). Using a CAB file automatically compresses the code for quicker download. If you are using a .cab file for component download, it is faster to sign the entire .cab file than each individual component.

Creating CAB Files

The CABinet Development Kit can be obtained from the Microsoft developers Web site, Microsoft Cabinet SDK. In this kit, you will find the necessary tools to construct cabinet files.

The cabinet file pointed to by CODEBASE should contain the .ocx file for your ActiveX component and an .inf file to control its installation. You create the cabinet file by specifying the name of your control file and an .inf file. Do not include dependent DLLs that may already exist on the system in this cabinet file. For example, the MFC DLLs are packaged in a separate cabinet file and referred to by the controlling .inf file.

The INF File

The following example, spindial.inf, lists the supporting files and the version information needed for the MFC Spindial component. Notice the location for the MFC 4.2 DLLs is a Microsoft Web site. The mfc42.cab is provided and signed by Microsoft.

Contents of spindial.inf:
[mfc50installer]

file-win32-x86=http://activex.microsoft.com/controls/vc/mfc50.cab
[msvcrt.dll] - FileVersion=5,0,0,6164
[mfc50.dll] - FileVersion=5,0,0,6256
[olepro32.dll] - FileVersion=5,0,0,6068

The <OBJECT> Tag

The following example illustrates using the <OBJECT> tag to package the MFC Spindial sample component.

<OBJECT ID="Spindial1" WIDTH=100 HEIGHT=51
 CLASSID="CLSID:06889605-B8D0-101A-91F1-00608CEAD5B3"< BR> CODEBASE="http://mysite/spindial.cab#Version=1,0,0,001">
  <PARAM NAME="_Version" VALUE="65536">
  <PARAM NAME="_ExtentX" VALUE="2646">
  <PARAM NAME="_ExtentY" VALUE="1323">
  <PARAM NAME="_StockProps" VALUE="0">
  <PARAM NAME="NeedlePosition" VALUE="2">
</OBJECT>

	<OBJECT ID="Spindial1" WIDTH=100 HEIGHT=51
	 CLASSID="CLSID:06889605-B8D0-101A-91F1-00608CEAD5B3"
	 CODEBASE="http://mysite/spindial.cab#Version=1,0,0,001">
	    <PARAM NAME="_Version" VALUE="65536">
	    <PARAM NAME="_ExtentX" VALUE="2646"> 
	    <PARAM NAME="_ExtentY" VALUE="1323">
	    <PARAM NAME="_StockProps" VALUE="0">
	    <PARAM NAME="NeedlePosition" VALUE="2">
	</OBJECT>
	

In this case, spindial.cab will contain two files, spindial.ocx and spindial.inf. The following command will build the cabinet file:

C:\CabDevKit\cabarc.exe -s 6144 N spindial.cab spindial.ocx spindial.inf

The -s 6144 parameter reserves space in the cabinet for code signing.

The Version Tag

Note here that the #Version information specified with a CAB file applies to the component specified by the CLASSID parameter of the <OBJECT> tag.

Depending on the version specified, you can force download of your component. For complete specifications of the OBJECT tag including the CODEBASE parameter, see the W3C reference.

Licensing Issues

If you want to use a licensed component on a Web page, you must verify that the license agreement allows its use on the Internet and create a license package file (LPK) for it.

A licensed ActiveX component will not load properly in an HTML page if the computer running Internet Explorer is not licensed to use the component. For example, if a licensed component was built using Visual C++, the HTML page using the component will load properly on the computer where the component was built, but it will not load on a different computer unless licensing information is included.

To use a licensed ActiveX component in Internet Explorer, you must check the vendors license agreement to verify that the license for the component permits:

• Redistribution
• Use of the component on the Internet
• Use of the Codebase parameter

To use a licensed component in an HTML page on a non-licensed machine, you must generate a license package file (LPK). The LPK file contains run-time licenses for licensed components in the HTML page. This file is generated via LPKtool.zip which comes with the ActiveX Software Development Kit (SDK). You can download the ActiveX SDK through the Microsoft Web site http://www.microsoft.com/activex.

To create an LPK file

1. Run lpktool.zip on a computer that is licensed to use the component.
2. In the License Package Authoring Tool dialog box, in the Available Controls list box, select each licensed ActiveX component that will be used on the HTML page and click Add.
3. Click Save & Exit and type a name for the LPK file. This will create the LPK file and close the application.

To embed a licensed component on an HTML page

1. Edit your HTML page. In the HTML page, insert an <OBJECT> tag for the License Manager object before any other <OBJECT> tags. The License Manager is an ActiveX component that is installed with Internet Explorer. Its class ID is shown below. Set the LPKPath property of the License Manager object to the path and name of the LPK file. You can have only one LPK file per HTML page.
   
   <OBJECT CLASSID = "clsid:5220cb21-c88d-11cf-b347-00aa00a28331">
       <PARAM NAME="LPKPath" VALUE="relative URL to .LPK file">
   </OBJECT>
   
   
2. Insert the <OBJECT> tag for your licensed component after the License Manager tag. For example, an HTML page that displays the Microsoft Masked Edit component is shown below. The first class ID is for the License Manager component, the second class ID is for the Masked Edit component. Change the tags to point to the relative path of the .lpk file you created earlier, and add an object tag including the class ID for your component.
   
   
3. Insert the <EMBED> attribute for your LPK file, if using the NCompass ActiveX plug-in. If your component may be viewed on other ActiveX enabled browsers - for example Netscape using the NCompass ActiveX plug-in - you must add the <EMBED> syntax as shown below.
   
   <OBJECT CLASSID="clsid:5220cb21-c88d-11cf-b347-00aa00a28331">
       <PARAM NAME="LPKPath" VALUE="maskedit.lpk">
       <EMBED SRC ="maskedit.LPK">
   </OBJECT>
   <OBJECT CLASSID="clsid:C932BA85-4374-101B-A56C-00AA003668DC" WIDTH=100 HEIGHT=25> </OBJECT>

Signing Code

Code signing is designed to identify the source of code and to guarantee that the code has not changed since it was signed. Depending on browser safety settings, users may be warned before the code is downloaded. Users may choose to trust certain certificate owners or companies, in which case, code signed by those trusted will be downloaded without warning. Code is digitally signed to avoid tampering.

Make sure your final code is signed so that your component can be automatically downloaded without displaying trust warning messages. For details on how to sign code, check the documentation on Authenticode® in the ActiveX SDK. For more information on the Microsoft code-signing initiative, check .

Depending on trust and browser safety level settings, a certificate may be displayed to identify the signing person or company. If the safety level is none, or if the signed components certificate owner is trusted, a certificate will not be displayed. See Safety Levels and Control Behavior for details on how the browser safety setting will determine whether your component is downloaded and a certificate displayed.

Digital signing guarantees code has not changed since it has been signed. A hash of the code is taken and embedded in the certificate. This hash is later compared with a hash of the code taken after the code is downloaded but before it runs. Companies such as Verisign can supply private and public keys needed to sign code. The ActiveX SDK ships with MakeCert, a utility for creating test certificates, and two registry files, wvtston.reg and wvtstoff.reg, for specifying whether or not the browser should recognize test certificates as valid.

Internet Explorer Browser Safety Levels and Control Behavior

A browser has options for safety level, configurable by the user. Because Web pages can contain active content that might potentially harm a users computer, browsers allow the user to select options for safety level. Depending on the way a browser implements safety levels, a component may not be downloaded at all, or will display a certificate or a warning message to allow the user to choose at run time whether or not to download the component. The behavior of ActiveX components under high, medium, and low safety levels on Internet Explorer is listed below.

High Safety Mode

• Unsigned components will not be downloaded.
• Signed components will display a certificate if untrusted (a user can choose an option to always trust code from this certificate owner from now on).
• Only components marked as safe will have persistent data and/or be scriptable.

Medium Safety Mode

• Unsigned components will display a warning before downloading.
• Signed components will display a certificate if untrusted.
• Components not marked as safe will display a warning.

Low Safety Mode

• Components are downloaded without warning.
• Scripting and persistence occur without warning.