<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<!--last modified on Tue, Apr 15, 1997 2:22 PM-->
<HTML>

<HEAD>
<!-- This document was created from RTF source by rtftohtml version 3.0.1 -->

	<META NAME="GENERATOR" Content="Symantec Visual Page 1.0">
	<META NAME="Author" Content="Steph Mineart">
	<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=iso-8859-1">
	<TITLE>Chapter 16</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<H1>Chapter 16<BR>
Advanced Topics</H1>

<UL>
	<LI><A HREF="#Heading1">Advanced Topics</A>
	<UL>
		<LI><A HREF="#Heading2">Internet</A>
		<UL>
			<LI><A HREF="#Heading3">Internet Security</A>
			<LI><A HREF="#Heading4">Signing Software</A>
			<LI><A HREF="#Heading5">Internet Scripting</A>
			<LI><A HREF="#Heading6">Listing 16.1 JSVBSSAMP.HTM--Example of VBScript and JavaScript
			Using the &lt;SCRIPT&gt; Tag</A>
			<LI><A HREF="#Heading7">Listing 16.2 AREFSAMP.HTM--Example of JavaScript Using the
			&lt;A&gt; Tag</A>
			<LI><A HREF="#Heading8">Internet Component Download</A>
			<LI><A HREF="#Heading9">Listing 16.3 SAMPLEIE.HTM--Using an ActiveX Control in HTML
			Code</A>
			<LI><A HREF="#Heading10">Electronic Commerce</A>
		</UL>
		<LI><A HREF="#Heading11">Advanced COM</A>
		<UL>
			<LI><A HREF="#Heading12">Using C++ vtables to Describe Interfaces</A>
			<LI><A HREF="#Heading13">Listing 16.4 MSDEV\INCLUDE\UNKNWN.H--The Definition of the
			IUnknown Interface in C Is a Structure that Contains a Pointer to a Structure that
			Contains Pointers to Functions</A>
			<LI><A HREF="#Heading14">Listing 16.5 MSDEV\INCLUDE\UNKNWN.H--The Definition of an
			Interface in C++ Makes Use of C++ vtables</A>
			<LI><A HREF="#Heading15">Listing 16.6 INUMBER.H--The INumber Interface</A>
			<LI><A HREF="#Heading16">Listing 16.7 UMBER.H--The CNumber Class</A>
			<LI><A HREF="#Heading17">Listing 16.8 UMBER.CPP--CNumber::QueryInterface</A>
			<LI><A HREF="#Heading18">Listing 16.9 UMBER1.H--The CNumber1 Class: Multiple vtables</A>
			<LI><A HREF="#Heading19">Listing 16.10 UMBER1.CPP--CNumber1::QueryInterface</A>
			<LI><A HREF="#Heading20">Listing 16.11 MBER1.CPP--CNumber1::ImpINumber::QueryInterface</A>
			<LI><A HREF="#Heading21">Reusing ActiveX Objects with Aggregation</A>
			<LI><A HREF="#Heading22">Listing 16.12 UMBER2.H--CNumber2</A>
			<LI><A HREF="#Heading23">Listing 16.13 MBER2.CPP--CNumber2::CNumber2(LPUNKNOWN)</A>
			<LI><A HREF="#Heading24">Listing 16.14 BER2.CPP--CNumber2::ImpINumber::QueryInterface(),
			AddRef(), and Release() Are Delegated to pThis-&gt;m_pUnkOuter, Instead of pThis</A>
			<LI><A HREF="#Heading25">Listing 16.15 INUMBER.H--The IWholeNumber Interface</A>
			<LI><A HREF="#Heading26">Listing 16.16 UMBER3.H--CNumber3 Adds Init() and m_pUnkNumber</A>
			<LI><A HREF="#Heading27">Listing 16.17 UMFACT.CPP--CNumber3ClassFactory::CreateInstance
			Calls CNumber3::Init after Constructing the CNumber3 Object</A>
			<LI><A HREF="#Heading28">Listing 16.18 UMBER3.CPP--CNumber3::Init Creates the Aggregated
			Object</A>
			<LI><A HREF="#Heading29">Listing 16.19 UMBER3.CPP--CNumber3::QueryInterface</A>
			<LI><A HREF="#Heading30">Listing 16.20 Example Declaration of a Tear-Off Class</A>
			<LI><A HREF="#Heading31">Enumerators: An Interface Pattern for Sets</A>
			<LI><A HREF="#Heading32">Listing 16.21 Enumerator Pattern</A>
			<LI><A HREF="#Heading33">Listing 16.22 UMBERS.H--The CNumbers Enumerator Class</A>
			<LI><A HREF="#Heading34">Listing 16.23 UMBERS.CPP--Next</A>
			<LI><A HREF="#Heading35">Listing 16.24 UMBERS.CPP--Clone</A>
			<LI><A HREF="#Heading36">About the Samples</A>
		</UL>
		<LI><A HREF="#Heading37">Distributed Component Object Model (DCOM)</A>
		<LI><A HREF="#Heading38">OLE DB</A>
		<LI><A HREF="#Heading39">Threading</A>
		<UL>
			<LI><A HREF="#Heading40">Single-Threading and Multithreading</A>
		</UL>
		<LI><A HREF="#Heading41">Engineering for the Future</A>
		<LI><A HREF="#Heading42">From Here...</A>
	</UL>
</UL>

<P>
<HR SIZE="4">

<H1><A NAME="Heading1"></A>Advanced Topics</H1>

<UL>
	<LI><B>Internet security</B> 
<SPACER TYPE="VERTICAL" SIZE="2">
 Industry is taking steps to ensure safety and security for all users on the Internet
	for business and nonbusiness purposes. Advances in security are making the Internet
	an even more popular place for companies to do business. You can apply code signing
	to your ActiveX control to benefit you and your users.
	<P>
	<LI><B>Internet component download</B> 
<SPACER TYPE="VERTICAL" SIZE="2">
 Downloading and installing ActiveX controls on the client machine is important to
	ActiveX Internet technology.
	<P>
	<LI><B>Advanced COM</B> 
<SPACER TYPE="VERTICAL" SIZE="2">
 The majority of this book focuses on the basic aspects of COM. Aggregation is an
	example of an Advanced COM feature that you can implement within your applications.
	<P>
	<LI><B>DCOM and OLE DB</B> 
<SPACER TYPE="VERTICAL" SIZE="2">
 DCOM allows ActiveX components to run on different machines connected via a network.
	OLE DB is a set of APIs that provides COM-type access to many types of data.
	<P>
	<LI><B>Threading</B> 
<SPACER TYPE="VERTICAL" SIZE="2">
 Threading is a means of executing code concurrently within the same application.
</UL>

<P>This chapter introduces some of the advanced topics that could not be directly
addressed in the other chapters of this book. The topics covered here are important
to ActiveX development, and you should be aware of their impact and significance
in regards to your specific development. The topics are not covered in great detail;
in some cases, the technology is just emerging and still being developed. For example,
Internet security, OLE DB, and other technologies, such as threading and DCOM, are
too complex to address within the context of this book.</P>
<P>The intent of this chapter is to introduce you to the main concepts and reasons
behind a particular technology and allow you the choice of pursuing the technology
if it applies to you. You will learn about the Internet and how it applies to your
ActiveX control development. You will also learn how DCOM, threading, and OLE DB
apply to ActiveX.</P>
<P>The last section looks at what is coming out of Microsoft to better equip you
with the proper tools and technologies that make ActiveX what it is today and what
it will be in the future.
<H2><A NAME="Heading2"></A>Internet</H2>
<P>As was mentioned in <A HREF="ch01.htm">Chapter 1</A>, the term ActiveX originally
meant Activate the Internet. Microsoft has now expanded the term to include all COM/OLE
components and development. The Internet has been around for many years, but didn't
start to explode in popularity until recently. This explosion has expanded the use
of the Internet as more and more companies are slowly figuring out how to use this
medium safely and effectively.
<H3><A NAME="Heading3"></A>Internet Security</H3>
<P>Internet security is still in its infancy. Security is one of the major reasons
companies are slow to embrace the Internet. The two major security issues that still
exist are secure transmissions and ActiveX controls. Because the Internet is not
a direct connection from computer to computer, hackers can tamper with or steal information
during transmission fairly easily. ActiveX controls, for the most part, are downloaded
to the user's machine and then installed. This situation makes it easy for someone
to spread a virus via an ActiveX control in a Web page. Although Netscape led the
way with its secure servers, Microsoft is quickly catching up and is working on solving
these and other security issues.</P>
<P>One technology that Microsoft, Netscape, and other companies are developing is
secure channel technology. <I>Secure channel technology </I>provides secure transmissions
through the Secure Sockets Layer (SSL) and Private Communications Technology (PCT).
SSL, created by Netscape, provides users with authentication of the server they are
attaching to, encryption of the data sent and received, and integrity of the data
being sent and received. PCT, created by Microsoft, provides protection against eavesdropping
on a network or altering a network packet.</P>
<P>Microsoft and other vendors are developing a new standard that uses digital signatures
to identify the publisher of an object downloaded from the Internet and to certify
that it has not been tampered with. Microsoft has started implementing this in the
Microsoft Internet Explorer and the Microsoft ActiveX SDK. Microsoft Internet Explorer
has three safety levels: high, medium, and low. High will not download anything that
is not signed, medium asks users if they want to download an unsigned item, and low
downloads items whether they are signed or unsigned. Microsoft Internet Explorer
defaults to the high safety level. The Microsoft ActiveX SDK includes the Authenticode
utilities for signing an ActiveX control. You find out more about signing an ActiveX
control later in this chapter.</P>
<P>On the other side, Microsoft is working on something called Client Identification,
which provides a way for users to identify themselves to a Web server using a digital
certificate. These server and client digital certificates have to be obtained from
a Certificate Authority (CA) company, which are signed with the company's official
key.</P>
<P>Encryption is another technology that vendors are pursuing. Basically, data and
messages are scrambled and cannot be unscrambled except by someone who has a specific
key. Microsoft has produced a set of encryption APIs, called the CryptoAPI, which
it includes in its Win32 SDK.</P>
<P>Other companies, along with Microsoft, are also trying to set standards for security.
One such standard recently developed is the Secure Electronic Transactions (SET)
standard. SET, a standard for securing a payment transaction over the Internet, was
developed by Microsoft, Netscape, Visa, MasterCard, IBM, and GTE. Microsoft is currently
trying to develop another standard called the Secure Transport Layer Protocol (STLP),
which Microsoft hopes will be a combination of the Netscape SSL technology and the
Microsoft PCT technology. Microsoft is also trying to develop its Personal Information
Exchange (PFX) standard, which is a standard for transferring personal security information
from one machine to another. Currently, security information such as certificates
and keys must be set up separately on each machine.</P>
<P>More information can be obtained from Microsoft's Web site (<A HREF="http://www.microsoft.com"><B>http://www.microsoft.com</B></A>)
or Netscape's Web site (<A HREF="http://home.netscape.com"><B>http://home.netscape.com</B></A>).
At the time of publication, Microsoft's security specific information was found at
<A HREF="http://www.microsoft.com/intdev/security/"><B>http://www.microsoft.com/intdev/security/</B></A>.
Netscape's security information is scattered throughout its site. Use Microsoft's
Search and Contents page to locate security information. These sites should be watched
closely for information on this ever-changing technology.
<H3><A NAME="Heading4"></A>Signing Software</H3>
<P>As mentioned earlier, Microsoft and other vendors are developing a new standard
that uses digital signatures to identify the publisher of an object downloaded from
the Internet and to ensure that the object has not been tampered with. This process
is referred to as code signing. This digital signature contains specific information
about the company and is signed by a trusted certificate authority. The information
is thoroughly checked before being signed. If a piece of code or data wreaks havoc
with your system, you can trace it back to an individual or company with the information
contained in the signature.</P>
<P>The use of digital signatures allows users to have the same comfort level they
have when they purchase software in a box. If you purchase a software package from
a retail outlet and it causes problems, you know who manufactured the software and
can hold them accountable. Digital signatures allows for the same level of accountability
with software that is downloaded from the Internet. Companies that digitally sign
their products have the added benefit of providing to their users a commitment to
quality and security, which in turn translates into consumer trust of the companies'
products.</P>
<P>Code signing requires the following steps:

<OL>
	<LI>A Software publisher applies for credentials from a Certificate Authority (CA).
	<P>
	<LI>The application basically consists of the software company's personal information
	and its public and private encryption keys.
	<P>
	<LI>After the application is completed, the CA will verify the publisher's information
	in approximately one week.
	<P>
	<LI>After the information is verified, the CA will create an X.509 industry standard
	certificate that includes the publisher's public key.
	<P>
	<LI>The private key is held by the software publisher and kept secret. A copy of
	the certificate is sent to the publisher. The publisher will include this certificate
	in any code that it signs with the private key.
	<P>
	<LI>The publisher uses the Authenticode utilities to create a digital signature with
	its private key.
	<P>
	<LI>A PKCS#7 signature file is created containing the code to be published, the X.509
	certificate received from the CA, and the publisher's digital signature.
</OL>

<P>Microsoft is trying to develop standards for the preceding process. For more information
on Microsoft's effort to develop the standards and more detailed information on code
signing, check out the help files on signing in the ActiveX SDK and Microsoft's Internet
security page mentioned before.
<H3><A NAME="Heading5"></A>Internet Scripting</H3>
<P>When creating Web pages, a developer needs a way to create online content and
link and automate various objects, such as Java applets or ActiveX controls. These
objectives are accomplished with scripting. <I>Scripting</I> is an interpretive programming
language used with HTML.</P>
<P>Two scripting languages exist today: Microsoft Visual Basic Scripting Edition
(VBScript) and Netscape JavaScript. VBScript imitates Visual Basic (VB), and JavaScript
imitates the Java language, as the names imply. Both Netscape Navigator and the Microsoft
Internet Explorer read JavaScript, but Netscape Navigator will not read VBScript
unless the ScriptActive plug-in from NCompass Labs is used to convert the VBScript
to JavaScript. Unfortunately, ScriptActive does not support all parts of VBScript,
such as forms, write, and writeln. To find out what is and is not supported, view
the NCompass &quot;Authoring ActiveX Controls for the NCompass Plug-ins&quot; document
at <A HREF="http://www.ncompasslabs.com/documents/authoring.htm"><B>http://www.ncompasslabs.com/documents/authoring.htm</B></A>.
Because this is only version 1.0 of the ScriptActive plug-in, more VBScript features
should be available in the future. If your users use both Microsoft Internet Explorer