Re: win32 - access shared folder

From: MrReallyVeryNice (MrReallyVeryNice.NOVIRUS_at_NoSpam.yahoo.com)
Date: 06/30/04


Date: Tue, 29 Jun 2004 19:28:56 -0700

First of all, let me offer you a little _untested_ sample script that will
hopefully help you:

--- Beginning ---
use strict;
use warnings;

my $IP='192.168.1.192'; # define $IP to match your environment
my $ShareName='wwwroot'; # define $ShareName to match your environment
my $UserName='Administrator'; # define $UserName to match your environment
my $Password='SensitivePassword'; # define $Password to match your environment

# the following net use should connect to the share using the credentials
# defined for $UserName and $Password.
system ("net use \\\\$IP\\$ShareName /u:$IP\\$UserName $Password");
# you should now have access to the share and should be able to copy your
# file over
system ("copy client.pl \\\\$IP\\$ShareName\\*.*");

--- End -----

Not being a native English speaker, I must admit that I'm slightly shooting
in the dark because the following statement is ambiguous (to me):

"The shared folder needs a login with login information that the user is not
suppose to have, so the login data has to be hard coded. What do I have to
do that the script does an automatic login ?"

Let me try to address what I believe to be your concern. As you requested,
if you hard code the login data (username/password) in the script, it is
really not secure. It is pretty much equivalent to handing over the
information to the end user running the script. Of course you might be in an
environment where users are not computer literate but it is only a matter of
time before one user reads your source code and figures out the
username/password.

You will find many threads concerning 'hiding' your source code. Run the
command 'perldoc -q hide' on your system or google. The bottom line is that
there is no way to hide the information once the script is running on the
user's machine. You can try to create an executable or to obfuscate the info,
however, another person with a bit of motivation and knowledge will
eventually reverse engineer your code. My purpose is not to scare you but
to make you aware. Writing a script containing a sensitive username and
password is just not secure.

To 'minimize' the risk, you might want to create a generic user that is
limited to writing to the share that you want the user to access. Don't use
any sensitive user belonging to your administrators group. :-) Also, you
have to realize that upon exit of the sample script provided above, the
connection to the share will still be there. You should consider removing
the connection to the share:

system ("net use \\\\$IP\\$ShareName /d"); # untested code

Don't hesitate to ask further questions or to report problems/success.

MrReallyVeryNice
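
The two mitigations recommended in the post above (a share-only account and removing the connection on exit), as an added example that is not part of the original post. The account name `upload_only` and the password are hypothetical placeholders, and File::Copy stands in for the shell `copy` command.

```perl
use strict;
use warnings;
use File::Copy qw(copy);

# Assumed values: server and share as in the post, account and password made up.
my $server   = '192.168.1.192';
my $share    = 'wwwroot';
my $user     = 'upload_only';   # hypothetical account, write access to this share only
my $password = 'ChangeMe';      # still readable by anyone who can read this script
my $unc      = "\\\\$server\\$share";

# List form of system(): each argument is passed as a separate word instead of
# being interpolated into one command string. The password is still visible on
# the net.exe command line while the command runs.
sub net_use {
    my @args = @_;
    return system('net', 'use', @args) == 0;   # true when net.exe exits with 0
}

my $connected = 0;

# END runs on normal exit and after die(), so the authenticated session to the
# share does not outlive the script.
END {
    local $?;                   # keep the script's own exit status
    if ($connected) {
        net_use($unc, '/delete', '/y') or warn "could not disconnect $unc\n";
    }
}

# /persistent:no keeps the mapping from being restored at the next logon.
net_use($unc, $password, "/user:$server\\$user", '/persistent:no')
    or die "net use failed for $unc\n";
$connected = 1;

copy('client.pl', "$unc\\client.pl")
    or die "copy to $unc failed: $!\n";
print "client.pl copied to $unc\n";
```

Run `net use` with no arguments after the script exits to confirm the share no longer appears in the connection list.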


