[THIN] OT: Script Gurus?
- From: "TheThin" <TheThin@xxxxxxxxxxxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 16 Apr 2003 18:25:07 -0400
I am writing a script to edit an INI file on login. Basically, I want
to
scan a list of directories and if the user has access to the directory
put
an entry in the .ini file for it. I have everything worked out except
for
the ability to tell whether the user has access to the directory
(ironically, I thought that would be the easy part).
Currently I have permissions set so that user JQPublic cannot see the
file
h:\point\lithonia\active\folder.ini .
In fact, JQPublic cannot see anything under the lithonia folder at all.
I
have verified this with a dos based "if exist" statement, and also dir
commands, and cd commands. JQPublic cannot see the "folder.ini" file,
and
cannot even see the "h:\point\lithonia\active" directory. He cannot
change
into this directory, and if he does a dir on h:\point\lithonia he gets a
blank directory.
Yet my vbscript issuing the following commands, sees the file everytime:
sFolder=3Dh:\point\lithonia\active\folder.ini
If (fso.FileExists(sFolder)) Then
wscript.echo sFolder & " Exists and can be read"
If I can't use the fso.FileExists property, is there another method to
tell
whether a user can access a file with vbscript? Also, this would seem
to be a security
hole (albeit minor). In that using a simple vbscript, an attacker could
guess whether certain files exist and map a directory structure through
trial and error for things
he shouldn't be able to see.
Thanks,
Brian Politis
********************************************************
This Week's Sponsor - ThinPrint
Simply the best print solution for
Microsoft Terminal Services
and Citrix Metaframe.
http://www.thinprint.com/
**********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
