HTA's down side is client trust. It is just like any other scripting language out there- good or evil may come of it.

I used some HTA's and they passed audits, in the company intranet. This was a few year back, again what was safe yesterday has gaping holes in it today.

Not all platforms support HTA - then again I think in your case it does not matter.

I consider anything that downloads executable content from the outside to your local PC *without* user intervention a "no no" these days.

Besides that, most AV/Firewalls will interfere with this kind of activity. If configure to your security software to ignore that HTA (or any other, similar application), you've just created a security hole on that system.

I prefer software that displays a notification about new avaliable updates and lets me decide wether I would like to download them (now) or not.

Yes, that might become a hassle, but these days, better be safe than sorry. If your customers demands some kind of automation, make them aware of the security issues involved.

I am with you Knuth, no worries.

This is indeed for audit stuff and users will get notified about this.
Also, any content send will be send with ssl.
I think i'll abandon hta's for the moment and stick to my PB app with interactive webcontrol.

HTA's are to limited (like cleaning up custom stuff from the HD etc).

We need to obain data from a local device (database etc) and post it to the website.
I have several ideas how to solve this but maybe there is an ingenius way to bring a local db's content to the internet (just on demand)
The connection can be any database.
Frankly even exported files should be read, so no DB connection.
We have such a tool which does > 200 importtypes but is not that integrated for local <> remote use yet.
That's what i am doing at the moment.