AlternaTIFF Technical Documentation

Contents

• <embed> or <object> tag parameters
• Access controls -- How to disable features
• Information about auto-update detection
• Other private registry settings
• Registry settings modified during installation
• Private registry settings
• ActiveX troubleshooting for administrators

• How to put TIFF images on your web site so that AlternaTIFF can use them
• Information about client-side scripting
• Toolbar customization
• How to customize the setup program

<embed> or <object> tag parameters

• HREF=(url) - This parameter turns the image into a "hot-link" that will send the browser to the specified URL when the user clicks on the image. An image that is a hot-link can still be zoomed or panned, but the user must hold down the Shift key (to zoom) or Ctrl key (to pan) when left-clicking on it.
• TARGET=(frame name) - Use TARGET in combination with HREF to specify the frame to load the URL into. This works the same as in the <A> tag.
• BGCOLOR="#rrggbb" - Set the background color to the specified HTML color. The color must be in hex-triplet form, and must begin with a hash symbol (#). Color names like "green" do not work. This parameter only works in AlternaTIFF 1.4.2 and higher.
• TOOLBAR=... - Control the display of the toolbar. The options are:
  • TOOLBAR=on: Display the toolbar.
  • TOOLBAR=off: Don't display the toolbar.
  • TOOLBAR=top: Display the toolbar at the top.
  • TOOLBAR=bottom: Display the toolbar at the bottom.
• FIT=... - Control the resizing behavior:
  • FIT=none: Display the image at its original size; same as FIT=100
  • FIT=width: Set the image's width to the width of the plug-in
  • FIT=height: Set the image's height to the height of the plug-in
  • FIT=best: Fit the entire image within the plug-in
  • FIT=N: Display the image at N percent of its original size. It will use the nearest one of the following list of percentages: 100, 70, 50, 33, 25, 17, 10, 5.
• ORIENT=... - Control the orientation of the image:
  • ORIENT=top: Use the image's normal orientation.
  • ORIENT=bottom: Display the image upside down.
  • ORIENT=right: Rotate the image right 90 degrees.
  • ORIENT=left: Rotate the image left 90 degrees.
• SMOOTH=(yes|no) - Resample the image if possible.
• NEGATIVE=(yes|no) - Display a photonegative of the image.
• PAGE=X - Start the viewer at page X. The first page is 1. If the file has fewer than X pages, it will start with the last page.
• MOUSEMODE=(zoom|pan|none) - Start in zoom or pan mode.
• ACCESS=X - See the section below on access controls.
• TOOLBARITEMS="..." - (v1.5.2+) Use a custom toolbar. The value is a "toolbar definition" string. For example, TOOLBARITEMS="PR,_,ME,AB" would display a toolbar with only three buttons: Print, Menu, About.
• AUTOPRINT=... - (v1.5.2+) Print the document immediately after it has loaded. This will only work if the user has Scripting enabled.
  • AUTOPRINT=1: Automatically display the "Print" dialog to the user
  • AUTOPRINT=4: Automatically print to the default printer with no confirmation. (This is normally not allowed.) If not allowed by the user, do nothing.
  • AUTOPRINT=5: Automatically print to the default printer with no confirmation. (This is normally not allowed.) If not allowed by the user, display the "Print" dialog.
• ENABLEEVENTS=X - (v1.9.0+) X is a bitfield indicating the scripting events that are initially enabled. By default, the OnReady and OnFileReady events are enabled, and all other events are disabled. For a list of event codes, see the documentation for SetValue, setting 20.
• ALTERNATIFFREGSVR=y: Causes the ActiveX version to, with the user's approval, attempt to re-register itself as IE's default TIFF viewer. This is semi-deprecated, and probably won't work when using Vista's Protected Mode.
• SRC=(url) - When using an <object> element, the ActiveX version looks for a "SRC" param to tell it what TIFF document to download. In all other cases, the initial download is handled internally by the web browser, using whatever standard is appropriate.

Disabling features

Feature disabling can be done in two ways: by adding a setting to the Windows registry of the client computer, or by including an "ACCESS" attribute in EMBED (or PARAM) tag.

To do this, you need to give AlternaTIFF a number that tells it what features to disable. To determine that number, pick the features you want to disable from this list and add up their corresponding numbers:

1	Disable everything if not embedded (see below)
2	Save settings
4	Print
8	Save to disk
16	Open local file
32	Set wallpaper
64	Copy to clipboard
128	Reveal image's URL to user (v1.4.1+ only) (see below)
256	Scripting (relevant only to ActiveX v1.5.0+ and Plug-in v1.5.2+)
512	Menu (Context menu and Menu button) (v1.5.1+)
1024	Send Image (v1.5.2+)
2048	Reserved
4096	Show TIFF tags (v1.6.6+)
8192	Check for new version (v1.7.2+)

For example, to disable printing and setting wallpaper, use 4+32 = 36. The embed tag would look something like this:
<embed src=image.tif access=36 width=200 height=200>.

Instead of putting "ACCESS=" in the web page, you can put the setting in the Windows Registry by creating a DWORD value at "HKLM\Software\MIE\AlternaTIFF\access" or "HKCU\Software\MIE\AlternaTIFF\access". The controls will then apply anytime the plug-in is used. This is the preferred method. If both methods are used, any feature disabled by either method will be disabled.

The value 1 ("Disable everything if not embedded") does just that -- if the plugin is viewing a full-page (or full-frame) document, it will disable all of the other features listed. It is useful only in the registry. This setting exists because full-page plug-ins can't have parameters like ACCESS: the user need only type the url of the document into his browser to get full access to it. In effect, it configures the plug-in to be receptive to settings used in EMBED tags.

The value 128 (Reveal URL) disables features like "Copy Link Location" and "Open in New Window" that would allow the user to easily determine the URL of the image file being displayed. This does not provide real security, since the user can typically get the URL by other means, such as the browser's "View Source" function.

NOTE: This access control feature is not intended for use on a public web server. It is easy to get around, and is only potentially useful in a controlled environment where users do not have full control over their own computers, such as some corporate intranets or public terminals. Even then, it is practically impossible to prevent a savvy user from getting around it. For example, the browser may have a way to save a document to disk, regardless of whether the plug-in has such a feature. Or the user may be able to retrieve the document from the browser's cache.

Auto Update Notification

The only information transmitted over the connection is the version of AlternaTIFF that you are using. Since this is a TCP/IP connection, your (external) IP address is also visible to us.

The feature can be turned off by right-clicking, choosing "More Settings" from the menu, then unchecking "Automatically check for new version" if it is checked.

AlternaTIFF normally checks for a new version every 10 days. If it fails to connect, it will wait 3 days before trying again. Those are minimum values, since it will not perform a check unless it is used to view an image.

The waiting periods (10 days and 3 days) can be changed by directly modifying the Windows registry. Set the DWORD at "HKEY_LOCAL_MACHINE\Software\MIE\AlternaTIFF\updateinterval" to the number of days between checks, and the DWORD at "HKEY_LOCAL_MACHINE\Software\MIE\AlternaTIFF\updateretry" to the number of days to wait after a failure.

The user can view the "About box" (right click, "About...") to see when the last update check was performed. The user can initiate an immediate check by right-clicking, choosing "Tools", then "Check for new version".

Other private registry settings

A few options are available "just in case", but have no user interface for setting them. They are intended only for administrators or power users, and must be set by editing the Windows registry directly, at HKEY_CURRENT_USER\Software\MIE\AlternaTIFF or HKEY_LOCAL_MACHINE\Software\MIE\AlternaTIFF.

"miscflags" [DWORD]

This is a bitmask. Currently, only one bit is defined.
  0x00000001 - reserved
  0x00000002 - If set, allows remote scripts to attempt to load local URLs using the LoadImage() method. This flag is obsolete as of version 1.7.5. The "allow scripts to open local files" setting in the "More Settings->Advanced" dialog should be used instead.
  0x00000004 - reserved
  ...

"memorylimit" [DWORD]

The maximum number of kilobytes of memory to allocate for the image. Images requiring more memory will not be displayed.

"zoomrect" [string]

A comma-separated string of numbers defining a custom location for the zoom window, for example, "100,600,100,400" (left,top,right,bottom). After defining the region, it must be enabled. To enable it, go to More Settings and select the "Custom" size, or set the "zoomsize" registry setting to 6.

"sendmethod" [DWORD]

This affects how the "Send Image" function works internally. AlternaTIFF supports two different ways to send attachments using MAPI, which we'll call MAPISendDocuments and MAPISendMail. Theoretically, MAPISendDocuments is the most appropriate method, but due to serious bugs in some email clients, we've pretty much given up on it. You can force AlternaTIFF to use it, though.
  0 = auto (typically this will always use MAPISendMail)
  1 = use MAPISendDocuments
  2 = use MAPISendMail

Registry settings modified during installation

The plug-in version of AlternaTIFF does not modify any non-private Windows registry settings, but the ActiveX version must do so in order for Internet Explorer to use it. During installation, the following registry keys are created or updated:

HKCR\MIME\Database\Content Type\image/tiff
HKCR\MIME\Database\Content Type\image/x-tiff
HKCR\MIME\Database\Content Type\application/x-alternatiff
HKCR[\Wow6432Node]\CLSID\{106E49CF-797A-11D2-81A2-00E02C015623}
HKCR[\Wow6432Node]\TypeLib\{106E49CC-797A-11D2-81A2-00E02C015623}
HKCR[\Wow6432Node]\Interface\{106E49C9-797A-11D2-81A2-00E02C015623}
HKCR[\Wow6432Node]\Interface\{106E49CD-797A-11D2-81A2-00E02C015623}
HKCR\Alttiff.AlttiffCtl
HKCR\Alttiff.AlttiffCtl.1

The following keys are checked, and may (but usually will not) be modified:

HKCR\.tif
HKCR\.tiff
HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.tif
HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.tiff
HKLM\Software\Microsoft\Internet Explorer\Plugins\MIME\image/tiff
HKLM\Software\Microsoft\Internet Explorer\Plugins\MIME\image/x-tiff
HKLM\Software\Microsoft\Internet Explorer\Plugins\MIME\application/x-alternatiff

The single most important registry setting is the "CLSID" value at HKCR\MIME\Database\Content Type\image/tiff. This is what usually determines the TIFF viewer that Internet Explorer will use.

Private registry settings

Prior to Windows Vista, the manner in which AlternaTIFF saved its settings was pretty simple. They were stored in the registry at:

HKCU\Software\MIE\AlternaTIFF

It would also attempt to write certain non-user-specific settings, such as the time of the last update-check, to:

HKLM\Software\MIE\AlternaTIFF

AlternaTIFF does not rely on being able to write to HKLM, but it will do so if it has sufficient privileges.

That worked fine until Windows Vista came along. In Vista, web browser add-ons like AlternaTIFF usually cannot store settings at those locations, because of two new features: registry virtualization and Protected Mode.

With registry virtualization, if an application attempts to write to HKLM when it doesn't have permission to do so, the write will be transparently redirected to another location in the registry, specifically:

HKCU\Software\Classes\VirtualStore\Machine

So, some AlternaTIFF settings may get written under that location.

"Protected Mode" is a feature of Internet Explorer, when running on Vista. It is designed to limit what ActiveX controls can do to your computer. It is turned on by default, except for sites in the Trusted Sites zone. Protected Mode requires UAC to be enabled in the operating system (which it is by default), but not vice versa.

In Protected Mode, attempted writes to HKLM simply fail, rather than being virtualized. More significantly, most writes to HKCU are virtualized, for some reason using a completely different scheme than the HKLM virtualization. An attempted write to HKCU\Software will actually go to:

HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\{SID}\Software

Registry reads will first check the virtualized location, provided that Protected Mode is still turned on. But if Protected Mode is no longer on, settings that were written to the registry will no longer be accessible. One consequence of this is that if you register AlternaTIFF (prior to version 1.8.3), then try to use it at a site in your Trusted Sites zone (or you turn Protected Mode off, or you turn UAC off), it will not work until you register it again.

There is a way around this problem. There are certain special "low integrity" locations in the registry that can be written to even in Protected Mode, without being virtualized. The relevant location in this case is:

HKCU\Software\AppDataLow

As of version 1.8.3, AlternaTIFF will store settings under this "AppDataLow" registry key if certain conditions are met. The conditions are that the AppDataLow key already exists, or that the web browser supports certain protected-mode-related functions. IE7 supports these functions, even when it is not running on Vista. Even the plug-in version of AlternaTIFF will use AppDataLow if it exists, so that settings can be shared with the ActiveX version.

Another complication is that, for 32-bit applications running on a 64-bit edition of Windows, settings which would normally be stored directly under HKLM\Software are actually stored under HKLM\Software\Wow6432Node.

To summarize this unfortunate state of affairs, there are now at least six different locations in the registry that AlternaTIFF's settings could exist in:

HKCU\Software\MIE\AlternaTIFF
HKLM\Software\MIE\AlternaTIFF
HKLM\Software\Wow6432Node\MIE\AlternaTIFF
HKCU\Software\Classes\VirtualStore\Machine\Software\MIE\AlternaTIFF
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\{SID}\Software\MIE\AlternaTIFF
HKCU\Software\AppDataLow\Software\MIE\AlternaTIFF

ActiveX troubleshooting for administrators

This primarily addresses issues in which AlternaTIFF works for the administrator accout, but not for regular user accounts.

Normally, when you install an ActiveX control while logged in as an admin, it is automatically available to non-admins. If that's not working:

• Have you configured security in such a way that non-admins cannot run any ActiveX controls, or cannot run unapproved ActiveX controls?
• From the non-admin's perspective, does the Windows registry value at HKCR\MIME\Database\Content Type\image/tiff\CLSID contain AlternaTIFF's ID ("{106E49CF-797A-11D2-81A2-00E02C015623}")?
• From the non-admin's perspective, does the value at HKCR[\Wow6432Node]\CLSID\{106E49CF-797A-11D2-81A2-00E02C015623}\InprocServer32\(Default) contain the path to the alttiff.ocx file? Is that file present, and executable by the non-admin user? Verify the file's permissions. Beware of network paths and mapped drives that are different for admins than they are for other users.

AlternaTIFF is a "self-registering" ActiveX control. If you move the alttiff.ocx file to a new location, or want it to try again to write the correct registry settings, you can use the regsvr32.exe utility on the alttiff.ocx file. regsvr32.exe is a command-line utility that's included with Windows.

For the sake of completeness, we mention that IE 8 (on Vista and above) introduced a way for non-admins to install ActiveX controls, even an unmodified copy of AlternaTIFF. Refer to this document. But we have not yet taken any steps to help support that, mostly for tech support reasons. Note that it's unclear how one is expected to uninstall a control installed in such a way.