How reliable/secure are getenv('User') & WScript.Network

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

How reliable/secure are getenv('User') & WScript.Network

Message

From

21/10/2004 19:20:05

Sergey Berezniker
New York, United States

21/10/2004 10:42:54

Rodd Harris
New Tribes Mission
Sanford, Florida, United States

General information

Forum:

Visual FoxPro

Category:

Coding, syntax & commands

Title:

Re: How reliable/secure are getenv('User') & WScript.Network

Miscellaneous

Thread ID:

00953302

Message ID:

00953561

Views:

Rodd,

You can use WNetGetUser Win API.

* Function GetUserName
* Returns Windows user name

LOCAL lcBuffer, lnSize, lnRetCode, lcUserName
lcBuffer = REPL(CHR(0),64)
lnSize = LEN(lcBuffer) -1
DECLARE LONG WNetGetUser IN "mpr.dll"  ;
	STRING lpName , STRING @lcBuffer, LONG @lnSize
lnRetCode = WNetGetUser("", @lcBuffer, @lnSize )
lcUserName = LEFT(lcBuffer, AT(CHR(0), lcBuffer)-1)
RETURN lcUserName

>GetEnv() and WScript.Network both rely on Environment variables to obtain the user and domain information. How secure is that? Aren't environment variables easily created/destroyed/edited?
>
>We're wanting to use the credentials with which the user logged in for our applications security so that the user does not have to log into their workstation and then turn around and log into our app. We've talked about pulling the information from GetEnv or WScript but if users can "tweak" environment variables then that would allow them to spoof other users, etc.
>

--sb--

Map

View

Click here to load this message in the networking platform