[THIN] Re: OT: Script Gurus?
- From: "Sullivan, Glenn" <GSullivan@xxxxxxxxxxxxxx>
- To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
- Date: Thu, 17 Apr 2003 11:59:35 -0400
Quick suggestion:
Add a line at the top of the script that says:
Option Explicit
This will force you to DIM all variables before you use them. But if you
had done that, the error you were having would have been along the lines off
"Undefined variable fso" instead of just falling through...
Which causes me to say "Damn it, I know I defined that variable... let me
look at the top of the script. D'oh! It is g_fso! Dummy me!"
Hope this helps,
Glenn Sullivan, MCSE+I MCDBA
David Clark Company Inc.
-----Original Message-----
From: TheThin [mailto:TheThin@xxxxxxxxxxxxxxxxxxxxx]
Sent: Thursday, April 17, 2003 11:48 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: Script Gurus?
Thanks, for all the advice, here is the situation. =20
I posted the same message to another list and got back the following:
I suspect that the problem is in your error handling. In your
if(fso.FileExists(sFolder)) line, I imagine that instead of=20
evaluating true false, the statement is returning an error.
In VB (with On Error Resume Next) the fall through is to run the
following
line regardless of whether the preceding if clause evaluated to
true
or not. One problem you are running into is VBScript does not
have robust
error handling. I may be able to work with you to get this
script more operational.
=20
Jim
Jim was correct. I had defined the FSO object as g_oFSO, and was
referencing the object incorrectly in my subroutine. I spent about 2
hours on this last night... DOH!
Thanks again all. I am relatively new to vbscript and have learned my
lesson on error handling.
--Brian Politis
-----Original Message-----
From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx]=20
Posted At: Thursday, April 17, 2003 9:42 AM
Posted To: TheThin
Conversation: [THIN] Re: OT: Script Gurus?
Subject: [THIN] Re: OT: Script Gurus?
Yebbut - the problem is apparently the opposite to that - by any normal
convention, the user cannot see the files / folders - but by using the
FSO WSH stuff via vbscript, apparently the OP can <shrug>
Neil
> -----Original Message-----
> From: Magnus [mailto:magnus@xxxxxxxx]
> Sent: 17 April 2003 14:33
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: OT: Script Gurus?
>=20
> Check and make sure that the file is not hidden or has the
> system file attrib set. This would fprevent you from "seeing=20
> it" with a script.
>=20
> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Braebaum, Neil
> Sent: Thursday, April 17, 2003 6:09 AM
> To: 'thin@xxxxxxxxxxxxx'
> Subject: [THIN] Re: OT: Script Gurus?
>=20
> Comments inline...
>=20
> > -----Original Message-----
> > From: TheThin [mailto:TheThin@xxxxxxxxxxxxxxxxxxxxx]
> > Sent: 16 April 2003 23:25
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] OT: Script Gurus?
> >=20
> > I am writing a script to edit an INI file on login.
> Basically, I want
> > to scan a list of directories and if the user has access to the
> > directory put an entry in the .ini file for it. I have everything=20
> > worked out except for the ability to tell whether the user=20
> has access
> > to the directory (ironically, I thought that would be the
> easy part).
> >=20
> > Currently I have permissions set so that user JQPublic
> cannot see the
> > file h:\point\lithonia\active\folder.ini .
>=20
> Can you be a bit more specific about the DACLs you've set?
> When you say "cannot see" do you mean they shouldn't have any=20
> access to the files? Or merely that they should be hidden?
>=20
> > In fact, JQPublic cannot see anything under the lithonia folder at
> > all. I have verified this with a dos based "if exist"=20
> statement, and
> > also dir commands, and cd commands.
> > JQPublic cannot see the "folder.ini" file, and cannot even
> > see the "h:\point\lithonia\active" directory. He cannot=20
> > change into this directory, and if he does a dir on=20
> > h:\point\lithonia he gets a blank directory.
> >=20
> > Yet my vbscript issuing the following commands, sees the file
> > everytime:
> >=20
> > sFolder=3D3Dh:\point\lithonia\active\folder.ini
> > If (fso.FileExists(sFolder)) Then
> > wscript.echo sFolder & " Exists and can be read"
> >=20
> > If I can't use the fso.FileExists property, is there
> another method to
> > tell whether a user can access a file with vbscript?
>=20
> To be accurate / pedantic, you are not merely using vbscript,
> here, you are accessing aspects of WSH, through vbscript.
>=20
> Such things like this, have to be provided by a scripting
> host environment, as opposed to a vbscript interpreter.
>=20
> > Also, this would seem to be a security hole
> > (albeit minor).
>=20
> Could you be more specific about exactly how you've gone
> about hiding / restricting these files / folders, before we=20
> get into claims about security holes?
>=20
> > In that using a simple vbscript, an attacker
> > could guess whether certain files exist and map a directory=20
> > structure through trial and error for things he shouldn't be able to
> > see.
>=20
> That does rather depend on how the "shoudn't be able to see"
> is implemented, though. More clarification, please.
>=20
> Neil
***********************************************************************
This e-mail and its attachments are intended for the above named=20
recipient(s) only and are confidential and may be privileged. If they
have come to you in error you must take no action based=20
on them, nor must you copy or disclose them or any part of=20
their contents to any person or organisation; please notify the=20
sender immediately and delete this e-mail and its attachments from=20
your computer system.
Please note that Internet communications are not necessarily secure=20
and may be changed, intercepted or corrupted. We advise that=20
you understand and observe this lack of security when e-mailing us=20
and we will not accept any liability for any such changes,=20
interceptions or corruptions.=20
Although we have taken steps to ensure that this e-mail and its=20
attachments are free from any virus, we advise that in keeping=20
with good computing practice the recipient should ensure they=20
are actually virus free.
Copyright in this e-mail and attachments created by us belongs=20
to Littlewoods.=20
Littlewoods takes steps to prohibit the transmission of offensive,=20
obscene or discriminatory material. If this message contains=20
inappropriate material please forward the e-mail intact to=20
postmaster@xxxxxxxxxxxxxxxxx and it will be investigated.=20
Statements and opinions contained in this e-mail may not=20
necessarily represent those of Littlewoods.
Please note that e-mail communication may be monitored.
Registered office:=20
Littlewoods Retail Limited,=20
Sir John Moores Building,=20
100 Old Hall Street,=20
Liverpool,
L70 1AB=20
Registered no: 421258=20
http://www.littlewoods.com=20
***********************************************************************
********************************************************
This Week's Sponsor - ThinPrint
Simply the best print solution for
Microsoft Terminal Services=20
and Citrix Metaframe.
http://www.thinprint.com/
**********************************************************
For Archives, to Unsubscribe, Subscribe or=20
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - ThinPrint
Simply the best print solution for
Microsoft Terminal Services
and Citrix Metaframe.
http://www.thinprint.com/
**********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
********************************************************
This Week's Sponsor - ThinPrint
Simply the best print solution for
Microsoft Terminal Services
and Citrix Metaframe.
http://www.thinprint.com/
**********************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
Other related posts:
