[THIN] Re: OT: Script Gurus?

If you want the vb wsh way here is a posting that I used to do it

http://groups.google.com/groups?selm=3E8240AB.98EACD54%40hydro.com

-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf
Of Braebaum, Neil
Sent: Thursday, April 17, 2003 8:46 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: OT: Script Gurus?



Will that help in determining the users permissions on files / folders? Or
merely the ability to write to ini files?

Numerous scripting languages support the easy ability to read / write from
ini file structures.

Neil

> -----Original Message-----
> From: Jim Kenzig http://thethin.net [mailto:jimkenz@xxxxxxxxxxxxxx]
> Sent: 17 April 2003 13:36
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: OT: Script Gurus?
> 
> Or he could just use http://thethin.net/iniwrite.zip
> 
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
> Behalf Of Braebaum, Neil
> Sent: Thursday, April 17, 2003 6:09 AM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: OT: Script Gurus?
> 
> Comments inline...
> 
> > -----Original Message-----
> > From: TheThin [mailto:TheThin@xxxxxxxxxxxxxxxxxxxxx]
> > Sent: 16 April 2003 23:25
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] OT: Script Gurus?
> >
> > I am writing a script to edit an INI file on login.
> Basically, I want
> > to scan a list of directories and if the user has access to the
> > directory put an entry in the .ini file for it.  I have everything 
> > worked out except for the ability to tell whether the user 
> has access
> > to the directory (ironically, I thought that would be the
> easy part).
> >
> > Currently I have permissions set so that user JQPublic
> cannot see the
> > file h:\point\lithonia\active\folder.ini .
> 
> Can you be a bit more specific about the DACLs you've set?
> When you say "cannot see" do you mean they shouldn't have any 
> access to the files? Or merely that they should be hidden?
> 
> > In fact, JQPublic cannot see anything under the lithonia folder at
> > all. I have verified this with a dos based "if exist" 
> statement, and
> > also dir commands, and cd commands. JQPublic cannot see the
> > "folder.ini" file, and cannot even see the 
> "h:\point\lithonia\active"
> > directory.  He cannot change into this directory, and if he
> does a dir
> > on h:\point\lithonia he gets a blank directory.
> >
> > Yet my vbscript issuing the following commands, sees the file
> > everytime:
> >
> >         sFolder=3Dh:\point\lithonia\active\folder.ini
> >         If (fso.FileExists(sFolder)) Then
> >           wscript.echo sFolder & " Exists and can be read"
> >
> > If I can't use the fso.FileExists property, is there
> another method to
> > tell whether a user can access a file with vbscript?
> 
> To be accurate / pedantic, you are not merely using vbscript,
> here, you are accessing aspects of WSH, through vbscript.
> 
> Such things like this, have to be provided by a scripting
> host environment, as opposed to a vbscript interpreter.
> 
> > Also, this would seem to be a security hole
> > (albeit minor).
> 
> Could you be more specific about exactly how you've gone
> about hiding / restricting these files / folders, before we 
> get into claims about security holes?
> 
> > In that using a simple vbscript, an attacker
> > could guess whether certain files exist and map a directory
> structure
> > through trial and error for things he shouldn't be able to see.
> 
> That does rather depend on how the "shoudn't be able to see"
> is implemented, though. More clarification, please.

***********************************************************************
This e-mail and its attachments are intended for the above named 
recipient(s) only and are confidential and may be privileged. If they have
come to you in error you must take no action based 
on them, nor must you copy or disclose them or any part of 
their contents to any person or organisation; please notify the 
sender immediately and delete this e-mail and its attachments from 
your computer system.

Please note that Internet communications are not necessarily secure 
and may be changed, intercepted or corrupted. We advise that 
you understand and observe this lack of security when e-mailing us 
and we will not accept any liability for any such changes, 
interceptions or corruptions. 

Although we have taken steps to ensure that this e-mail and its 
attachments are free from any virus, we advise that in keeping 
with good computing practice the recipient should ensure they 
are actually virus free.

Copyright in this e-mail and attachments created by us belongs 
to Littlewoods. 

Littlewoods takes steps to prohibit the transmission of offensive, 
obscene or discriminatory material.  If this message contains 
inappropriate material please forward the e-mail intact to 
postmaster@xxxxxxxxxxxxxxxxx and it will be investigated. 
Statements and opinions contained in this e-mail may not 
necessarily represent those of Littlewoods.

Please note that e-mail communication may be monitored.

Registered office: 
Littlewoods Retail Limited, 
Sir John Moores Building, 
100 Old Hall Street, 
Liverpool,
L70 1AB 
Registered no: 421258 

http://www.littlewoods.com 
***********************************************************************
********************************************************
This Week's Sponsor - ThinPrint
Simply the best print solution for
Microsoft Terminal Services 
and Citrix Metaframe.
http://www.thinprint.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

********************************************************
This Week's Sponsor - ThinPrint
Simply the best print solution for
Microsoft Terminal Services 
and Citrix Metaframe.
http://www.thinprint.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts: