[AlternaTIFF :: Technical documentation ]

AlternaTIFF Technical Documentation

This is the technical documentation supplement for the AlternaTIFF TIFF viewer by Medical Informatics Engineering. It is a supplement to the main documentation and FAQ, intended for systems administrators and advanced users.

Contents

In this document: Related documents:

<embed> or <object> tag parameters

The web page author can control the plug-in in several ways by including custom parameters in the <embed> tag. When using the <object> tag, the parameters should instead be placed in <param> tags; see this document. These settings will temporarily override any settings that the user has configured. Here are the parameters that AlternaTIFF recognizes. The parameter names are case-insensitive.

Disabling features

It is possible for an administrator to request that AlternaTIFF disable certain program features, such as saving to disk. It is not really secure, but may be useful in some situations.

Feature disabling can be done in two ways: by adding a setting to the Windows registry of the client computer, or by including an "ACCESS" attribute in EMBED (or PARAM) tag.

To do this, you need to give AlternaTIFF a number that tells it what features to disable. To determine that number, pick the features you want to disable from this list and add up their corresponding numbers:

1Disable everything if not embedded (see below)
2Save settings
4Print
8Save to disk
16Open local file
32Set wallpaper
64Copy to clipboard
128Reveal image's URL to user (v1.4.1+ only) (see below)
256Scripting (relevant only to ActiveX v1.5.0+ and Plug-in v1.5.2+)
512Menu (Context menu and Menu button) (v1.5.1+)
1024Send Image (v1.5.2+)
2048Reserved
4096Show TIFF tags (v1.6.6+)
8192Check for new version (v1.7.2+)

For example, to disable printing and setting wallpaper, use 4+32 = 36. The embed tag would look something like this:
<embed src=image.tif access=36 width=200 height=200>.

Instead of putting "ACCESS=" in the web page, you can put the setting in the Windows Registry by creating a DWORD value at "HKLM\Software\MIE\AlternaTIFF\access" or "HKCU\Software\MIE\AlternaTIFF\access". The controls will then apply anytime the plug-in is used. This is the preferred method. If both methods are used, any feature disabled by either method will be disabled.

The value 1 ("Disable everything if not embedded") does just that -- if the plugin is viewing a full-page (or full-frame) document, it will disable all of the other features listed. It is useful only in the registry. This setting exists because full-page plug-ins can't have parameters like ACCESS: the user need only type the url of the document into his browser to get full access to it. In effect, it configures the plug-in to be receptive to settings used in EMBED tags.

The value 128 (Reveal URL) disables features like "Copy Link Location" and "Open in New Window" that would allow the user to easily determine the URL of the image file being displayed. This does not provide real security, since the user can typically get the URL by other means, such as the browser's "View Source" function.

NOTE: This access control feature is not intended for use on a public web server. It is easy to get around, and is only potentially useful in a controlled environment where users do not have full control over their own computers, such as some corporate intranets or public terminals. Even then, it is practically impossible to prevent a savvy user from getting around it. For example, the browser may have a way to save a document to disk, regardless of whether the plug-in has such a feature. Or the user may be able to retrieve the document from the browser's cache.

Auto Update Notification

AlternaTIFF, starting with version 1.3.0, has a feature that lets it automatically detect and inform the user when a new version is available. This is done via a TCP connection to the machine "server.alternatiff.com" (or "alternatiff-server.mieweb.com" in some versions), port 80. At this time, proxies are not supported, so a direct connection is necessary.

The only information transmitted over the connection is the version of AlternaTIFF that you are using. Since this is a TCP/IP connection, your (external) IP address is also visible to us.

The feature can be turned off by right-clicking, choosing "More Settings" from the menu, then unchecking "Automatically check for new version" if it is checked.

AlternaTIFF normally checks for a new version every 10 days. If it fails to connect, it will wait 3 days before trying again. Those are minimum values, since it will not perform a check unless it is used to view an image.

The waiting periods (10 days and 3 days) can be changed by directly modifying the Windows registry. Set the DWORD at "HKEY_LOCAL_MACHINE\Software\MIE\AlternaTIFF\updateinterval" to the number of days between checks, and the DWORD at "HKEY_LOCAL_MACHINE\Software\MIE\AlternaTIFF\updateretry" to the number of days to wait after a failure.

The user can view the "About box" (right click, "About...") to see when the last update check was performed. The user can initiate an immediate check by right-clicking, choosing "Tools", then "Check for new version".

Other private registry settings

A few options are available "just in case", but have no user interface for setting them. They are intended only for administrators or power users, and must be set by editing the Windows registry directly, at HKEY_CURRENT_USER\Software\MIE\AlternaTIFF or HKEY_LOCAL_MACHINE\Software\MIE\AlternaTIFF.

"miscflags" [DWORD]
This is a bitmask. Currently, only one bit is defined.
  0x00000001 - reserved
  0x00000002 - If set, allows remote scripts to attempt to load local URLs using the LoadImage() method. This flag is obsolete as of version 1.7.5. The "allow scripts to open local files" setting in the "More Settings->Advanced" dialog should be used instead.
  0x00000004 - reserved
  ...

"memorylimit" [DWORD]
The maximum number of kilobytes of memory to allocate for the image. Images requiring more memory will not be displayed.

"zoomrect" [string]
A comma-separated string of numbers defining a custom location for the zoom window, for example, "100,600,100,400" (left,top,right,bottom). After defining the region, it must be enabled. To enable it, go to More Settings and select the "Custom" size, or set the "zoomsize" registry setting to 6.

"sendmethod" [DWORD]
This affects how the "Send Image" function works internally. AlternaTIFF supports two different ways to send attachments using MAPI, which we'll call MAPISendDocuments and MAPISendMail. Theoretically, MAPISendDocuments is the most appropriate method, but due to serious bugs in some email clients, we've pretty much given up on it. You can force AlternaTIFF to use it, though.
  0 = auto (typically this will always use MAPISendMail)
  1 = use MAPISendDocuments
  2 = use MAPISendMail

Registry settings modified during installation

The plug-in version of AlternaTIFF does not modify any non-private Windows registry settings, but the ActiveX version must do so in order for Internet Explorer to use it. During installation, the following registry keys are created or updated:

HKCR\MIME\Database\Content Type\image/tiff
HKCR\MIME\Database\Content Type\image/x-tiff
HKCR\MIME\Database\Content Type\application/x-alternatiff
HKCR[\Wow6432Node]\CLSID\{106E49CF-797A-11D2-81A2-00E02C015623}
HKCR[\Wow6432Node]\TypeLib\{106E49CC-797A-11D2-81A2-00E02C015623}
HKCR[\Wow6432Node]\Interface\{106E49C9-797A-11D2-81A2-00E02C015623}
HKCR[\Wow6432Node]\Interface\{106E49CD-797A-11D2-81A2-00E02C015623}
HKCR\Alttiff.AlttiffCtl
HKCR\Alttiff.AlttiffCtl.1

The following keys are checked, and may (but usually will not) be modified:

HKCR\.tif
HKCR\.tiff
HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.tif
HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.tiff
HKLM\Software\Microsoft\Internet Explorer\Plugins\MIME\image/tiff
HKLM\Software\Microsoft\Internet Explorer\Plugins\MIME\image/x-tiff
HKLM\Software\Microsoft\Internet Explorer\Plugins\MIME\application/x-alternatiff

The single most important registry setting is the "CLSID" value at HKCR\MIME\Database\Content Type\image/tiff. This is what usually determines the TIFF viewer that Internet Explorer will use.

Private registry settings

Prior to Windows Vista, the manner in which AlternaTIFF saved its settings was pretty simple. They were stored in the registry at:

HKCU\Software\MIE\AlternaTIFF

It would also attempt to write certain non-user-specific settings, such as the time of the last update-check, to:

HKLM\Software\MIE\AlternaTIFF

AlternaTIFF does not rely on being able to write to HKLM, but it will do so if it has sufficient privileges.

That worked fine until Windows Vista came along. In Vista, web browser add-ons like AlternaTIFF usually cannot store settings at those locations, because of two new features: registry virtualization and Protected Mode.

With registry virtualization, if an application attempts to write to HKLM when it doesn't have permission to do so, the write will be transparently redirected to another location in the registry, specifically:

HKCU\Software\Classes\VirtualStore\Machine

So, some AlternaTIFF settings may get written under that location.

"Protected Mode" is a feature of Internet Explorer, when running on Vista. It is designed to limit what ActiveX controls can do to your computer. It is turned on by default, except for sites in the Trusted Sites zone. Protected Mode requires UAC to be enabled in the operating system (which it is by default), but not vice versa.

In Protected Mode, attempted writes to HKLM simply fail, rather than being virtualized. More significantly, most writes to HKCU are virtualized, for some reason using a completely different scheme than the HKLM virtualization. An attempted write to HKCU\Software will actually go to:

HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\{SID}\Software
where "{SID}" is some user-specific "security token".

Registry reads will first check the virtualized location, provided that Protected Mode is still turned on. But if Protected Mode is no longer on, settings that were written to the registry will no longer be accessible. One consequence of this is that if you register AlternaTIFF (prior to version 1.8.3), then try to use it at a site in your Trusted Sites zone (or you turn Protected Mode off, or you turn UAC off), it will not work until you register it again.

There is a way around this problem. There are certain special "low integrity" locations in the registry that can be written to even in Protected Mode, without being virtualized. The relevant location in this case is:

HKCU\Software\AppDataLow

As of version 1.8.3, AlternaTIFF will store settings under this "AppDataLow" registry key if certain conditions are met. The conditions are that the AppDataLow key already exists, or that the web browser supports certain protected-mode-related functions. IE7 supports these functions, even when it is not running on Vista. Even the plug-in version of AlternaTIFF will use AppDataLow if it exists, so that settings can be shared with the ActiveX version.

Another complication is that, for 32-bit applications running on a 64-bit edition of Windows, settings which would normally be stored directly under HKLM\Software are actually stored under HKLM\Software\Wow6432Node.

To summarize this unfortunate state of affairs, there are now at least six different locations in the registry that AlternaTIFF's settings could exist in:

HKCU\Software\MIE\AlternaTIFF
HKLM\Software\MIE\AlternaTIFF
HKLM\Software\Wow6432Node\MIE\AlternaTIFF
HKCU\Software\Classes\VirtualStore\Machine\Software\MIE\AlternaTIFF
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\{SID}\Software\MIE\AlternaTIFF
HKCU\Software\AppDataLow\Software\MIE\AlternaTIFF

ActiveX troubleshooting for administrators

This primarily addresses issues in which AlternaTIFF works for the administrator accout, but not for regular user accounts.

Normally, when you install an ActiveX control while logged in as an admin, it is automatically available to non-admins. If that's not working:

AlternaTIFF is a "self-registering" ActiveX control. If you move the alttiff.ocx file to a new location, or want it to try again to write the correct registry settings, you can use the regsvr32.exe utility on the alttiff.ocx file. regsvr32.exe is a command-line utility that's included with Windows.

For the sake of completeness, we mention that IE 8 (on Vista and above) introduced a way for non-admins to install ActiveX controls, even an unmodified copy of AlternaTIFF. Refer to this document. But we have not yet taken any steps to help support that, mostly for tech support reasons. Note that it's unclear how one is expected to uninstall a control installed in such a way.