Click here to Skip to main content
15,742,709 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:

This web page is a normal html login web page.After entering the user and password when the user click on login button in the webpage then a face recognition application or exe need to started/Runned automatically(This exe is already installed in the local machine in a particular folder).

To use the facebook video chat you need to install plugin.When the user tries to use video chat for the first time it will ask the user to install plugin and when the user installs plugin a FacebookVideoCalling.exe and a supported dll is copied in the client machine in a particular folder (C:/Users/Username/Appdata/Local/Facebook/video/skype).After installing plugin if the user clicks on video chat then that particular exe will started for video chat(you can see the process of exe running in Taskmanager) and when the video chat is closed this exe is killed automatically.

so in the same way i want to start the exe from the web page. By using the same logic that facebook uses by creating a plugin and call that plugin from the web page.But you need to worry about the video stream and all other things in the exe because the exe for face recognition is ready its just that we need to call that exe from the browser using plugins or any java script.For testing you can use any exe in your machine.

This was working if we use Active X control but this works only in IE and its not at all secure and reliable way to do it.So the better solution is to create a basic plugin and call a process or exe or application from that web page.

Note: This should work in all browsers(IE,Chrome,Firefox etc)

Possible scenarios tried:
1. I tried by using NPAPI plugins, But in this plugins are not much secure.This is only possible in PPAPI plugins can anyone help me how to create
Updated 8-Dec-13 16:13pm

1 solution

The browsers are created to provide some security. That's why the server part is well isolated from the client part and has not access to the client's system. Technically, this is also simple, because Web protocols (HTTP, FTP) only support exchange of data, and actual "action" (such as rendering of page, the request to the user to save content in a file and a lot more) is performed be client code on client side and server-side code on the server side.

If a Web application could execute anything on the client side, who would reasonably trust it? However, such things are possible with IE, but don't consider this information as recommendation: you can do it using ActiveX objects hosted by a browser. Of course, it won't work on all platforms and browsers. This is considered as a security vulnerability and should never be used in almost all cases. If a security-savvy user learns that you use such a dirty trick, such person may decide to blacklist your side, for a good reason.

However, ActiveX approach is used in some special situation. For example, this is the way some PC vendors selling PC's with preinstalled software provides service. Also, some corporate environment use ActiveX inside corporate network only, but to me, even this means using unacceptable and unnecessary unsafe practice, telling me that it was organized in an illiterate way.


Please see the comments below. Overall, plug-in seems to be a better idea to me: a user can trust your site only (would be good to develop some schema to prevent phishing, which is a separate topic, and enable/disable a plug-in, depending on situation. There is no one universal way of solving this problem: you should learn plug-in techniques for each and every browser you can or want to support.

The root cause and the background for all of the above is this: of course, the face recognition looks like an attractive feature. The problem is: it cannot be universally and safely used until some provision in W3 standards are done. The standards allow to use password authentication to be smoothly added to the site functionality, in part because keyboard input to the browser is its standard feature. Unless camera or, say, voice of fingerprint input become supported by W3 standards, the security based on such input will remain a really questionable business, paradoxically, questionable from security point of view.

Actually, this work is already in progress. Please see the W3C Candidate Recommendation of May 9 2013:[^].

Only when this standard is adopted and the support of it implemented by major browsers, the authentication based on face recognition could be made safely in a 100% legitimate way.

Share this answer
kumar003 8-Dec-13 22:32pm    
Hi Mr.Sergey,
Thanks for the reply, I have already tried the ActiveX and i Knew this problem of not working in other browsers like (Chrome, FF). That's the reason i have already explained you the facebook video chat scenario.

Seeing that seems like it is possible by using plugins (PPAPI). I just want to know how to proceed with this plugin i mean to say how to call that exe using plugins.
Sergey Alexandrovich Kryukov 8-Dec-13 22:36pm    
I just tried to discourage you from doing anything like that, did you noticed that? Sorry for discussing only the ActiveX possibility but not the plug-in in first place.

If you implement it via a plug-in (sure, this is possible, but then this would be non cross-browser solution; besides, the users should agree to use the plug-in), you can potentially open a great security hole in user's client systems.

Overall, plug-in could be a better solution: a user can trust your site only (would be good to develop some schema to prevent phishing, which is a separate topic, and enable/disable a plug-in, depending on situation.

kumar003 8-Dec-13 22:40pm    
But this is the requirement given to me so i have to do it can you help me to do this.
Sergey Alexandrovich Kryukov 8-Dec-13 22:41pm    
Please, don't mention the "requirements". I just answer your question. If you don't make a decision, let the person who decides on requirements talk to me.
Sergey Alexandrovich Kryukov 8-Dec-13 22:53pm    
So, please see the update to my answer, after [EDIT].
Recently fixed, see again...

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900