Thursday, May 8, 2008

An IE security improvement that doesn't make our lives more difficult?

One of the key advantages of AdvancedMD over other (generally client/server) practice management systems is the fact that it is a browser-based application, built on the ubiquitous Microsoft Internet Explorer. That means that anyone can pick up a commodity PC at Best Buy or Costco, take it home, and run AdvancedMD without inserting a CD or contacting their PC support people.

AdvancedMD does, however, use a few ActiveX controls that allow us to do things that aren't normally permitted by the browser. Things like transparently saving temporary files to the local disk, compressing data, and managing printers.

When we first released AdvancedMD (as PerfectPractice.MD) back in 2000, Internet Explorer was on Version 5.0. Back in those days, the Internet was still relatively new, and Microsoft hadn't yet become every hacker's favorite target. So, security was a topic of discussion, but not the huge focus that it became in the months leading up to the release of Windows XP in August of 2001. (I'm relying on a Wikipedia article for these dates.)

In those good ol' days, ActiveX controls just worked. Sure, it helped to sign them (or, rather, the CAB files that contained them), but aside from that it was a piece of cake to deploy a control that could access the registry, read and write files, format the hard drive, beat the dog, stampede the horses, etc. The Wild, Wild West of the World Wide Web.

Since that time, the wizards at Microsoft have had a little fun at our expense (albeit, to be fair, to the benefit of IE users):

  • The AdvancedMD domain must be added to the Trusted Sites zone in order for ActiveX controls and many other functions to work.
  • The ActiveX controls within CAB files must be signed, not just the CAB files themselves.
  • By default, windows can't be sized or positioned in such a way that they appear off-screen, even in the Trusted Sites zone.
  • A website can't be added to the Trusted Sites zone via JavaScript (IE6) or ActiveX controls (IE7).
  • On and on and on...

As a general rule, the AdvancedMD Engineering team emits a collective groan whenever a new version of IE comes out, because it means days of testing and retrofitting to comply with new security features.

IE8 will no doubt present some new challenges, but at least one new feature mentioned on the IEBlog may actually help us out.

For quite some time, some of our larger customers (the ones who actually have IT staff) have complained that, every year or so, we deploy new versions of our ActiveX controls. Since they have restricted their users' Windows accounts from installing software, their users are unable to install the new controls. Instead, an IT person has to walk from machine to machine, logging in as an administrative user and allowing the AdvancedMD browser application to install the controls.

IE8 has a new feature called "Per-User (Non-Admin) ActiveX" that, presumably, will make this a thing of the past. According to the IEBlog post:

"Running IE8 in Windows Vista, a standard user may install ActiveX controls in their own user profile without requiring administrative privileges."

Sounds pretty good to me. Now if we could just get away from ActiveX controls altogether...
