Drag-and-Drop

[christo]

First of all thanks to the author of sandboxie for this excellent tool.

My motivation: I have developed a Java application which I want to be
used as a Web-client in a scientific database. However, the
maintainers of the database refused sofar due to security reasons. The
application requires access to the Hard disk like a normal
application. It cannot be implemented as an Applet. My hope is that
it might be accepted when I add the information that it can run in
sandboxie.

I see only one problem:
program heavily depends on Drag-and-Drop.

When I open explorer.exe with and without sandboxie, I notice that
Drag-and-Drop is not possible between a program in the sandbox to a
program outside and vice versa. Have I missed a configuration option
or is Drag-and-Drop generally not yet implemented?

In my opinion, dragging into the sandbox could not do any harm. Dragging from the
sandbox to the outer world could perhaps be dangerous. A confirmation
window where the user can confirm the Drop operation could perhaps
provide sufficient safety.

What do you think?

[tzuk]

You already asked this in a private email, so allow me to quote the same response.

At this time, drag and drop is not supported across sandbox boundaries,
and there are no exceptions to that rule.

You can try to search the Sandboxie forum for a more in-depth
explanation, but the bottom line is what I said. Sorry, I hope you can
still find Sandboxie useful.

[christo]

Thanks for the prompt answer. Sandboxie is still extremely important
for me, even though Drag-and-Drop over the sandbox border is not
possible. But if Drag-and-Drop could be implemented in the future, this would
be really of great advantage.

Currently I am solving a general problem of Java Webstart applications with Sandboxie:

Java Webstart will put up the security warning dialog for any signed Java application
"The application is requesting unrestricted access to your local machine .... ".

Many users will not run Java Webstart programs due to this message. There is unfortunately no way to
change this message. My solution to this
problem: An additional text will appear and explain the option to run
a Web-browser in Sandboxie. Using this technique Sandboxie could rescue any Java Webstart application.

[tzuk]

The drag and drop issue a complex problem, I'd like to see it solved, but at the same time, I will not sacrifice security for that. The problem is that drag and drop involves direct communication between the program that owns the "drag source" (i.e. the object being dragged) and any program that owns any windows that are being dragged over. I'd like to look into it at some point in the future, that's really all I can say.

[christo]

Many thanks! This is what I expected.

Nevertheless, I will explain on the Web-site of my program how to get
along without DnD and the users will get a lot of benefit by Sandboxie .

The JavaScript library for displaying the message when
starting the Java-Web-Start application,
is nearly finished.

Just for interest since I am not a MS_Windows programmer: Does the
application which serves as the Drop Target get access to internal
data of the Application which acts as a Drag source? Could one mask
the critical data in this DnD Transfer Object? Like setting the
pointer for Drag source program in the Transfer Object to null?

Christoph

[tzuk]

I appreciate your curiousity but remember, I did say "drag and drop is not supported ... and there are no exceptions ... ".

It's not about access to any particular piece of data that does or does not have to be critical. The way drag and drop is designed, the two programs (one handling the drag operation, the other accepting the data once it's finally dropped) just have to communicate directly with each other, and Sandboxie blocks that.

[SnDPhoenix]

I appreciate your curiousity but remember, I did say "drag and drop is not supported ... and there are no exceptions ... ".

It's not about access to any particular piece of data that does or does not have to be critical. The way drag and drop is designed, the two programs (one handling the drag operation, the other accepting the data once it's finally dropped) just have to communicate directly with each other, and Sandboxie blocks that.

What if you could design Sandboxie so it serves as the middle man, porting the data between the 2 programs, back and forth, without the 2 programs in question having to communicate with each other directly?

[tzuk]

I assure you SnDPhoenix, in this case, it's much easier said than done... At least that's my impression thus far. I have not yet looked into this issue very thoroughly, but I do agree that one-way drag-and-drop (unsandboxed source drops into sandboxed window) is reasonable and even desirable, and like I said, I do plan to look into this at some point. But success is not guaranteed.

[Fop_MD]

By exploring the sandboxie's content folders (with a not sandboxed explorer) you can simply access your files. Just copy/move them to a folder of your choice. Well, it's not DnD but it works.

[semerra]

I am not sure whether this issue is pertinent but when I run Windows Media Player v.11 sandboxed (using the 326-16.exe) I cannot open any media files by dragging and dropping them onto the sandboxed WMP.

I have no trouble doing this with Media Player Classic.