|
Posted by David Bevan on 04/05/05 18:02
Please address replies to the list
--- Rory Browne <rory.browne@gmail.com> wrote:
> I'm not sure how you'd go about this from a security
> point of view,
> but perhaps for an Intranet, you could, check their
> IP address from
> $_SERVER['REMOTE_ADDR'], and check your login server
> to see who is
> logged in from that IP.
>
> Perhaps considering that you seem to have a way of
> providing such
> information to the Browser, you could use cookies.
> For your clientside
> code you could do something like the following:
>
> Bare in mind that I don't really know vbs, and the
> usual disclaimers apply.
> <script type="text/vbscript">
> for each tree in NWSess1.ConnectedTrees
> anyTree=tree.FullName
> anyUser=NWSess1.LoginName(anyTree)
> document.cookie="userid=" + anyUser +
> ";" + document.cookie
> next
> </script>
>
> You can then get the information then in PHP using
> $_COOKIE['userid'].
> I wouldn't normally advocate such a solution, you're
> relying on the
> user to tell you their name, and to tell you it
> accurately. You are
> assuming that they can't change document.cookie to
> userid=somebody_elses_name. That assumption only
> holds true if the
> person in question doesn't know how to use a
> browser.
>
> The situation you're describing suggests a strong
> lack of security.
>
> On Apr 5, 2005 1:28 PM, David Bevan
> <listes@rogers.com> wrote:
> > Another way you can get around passing info to the
> > server is to use hidden fields and make the entire
> > page into a form with each link in turn submitting
> the
> > form to the target script. You avoid putting
> > sensitive info into the address bar and you can
> take
> > advantage of header encryption if you need it.
> >
> > Regards,
> > David
> >
> > --- Ashley <afogleman@rtt-law.com> wrote:
> > > I have a unique problem that may be able to be
> > > solved another way, but I
> > > don't know how.
> > >
> > > What I need to do is pass a variable from a
> vbscript
> > > into php for use.
> > >
> > > I am using vbscript to access an activeX control
> on
> > > the computer that
> > > grabs the currently logged in user. This works
> > > fine, but I cannot
> > > determine how I can get that value into php so
> that
> > > I can use it.
> > >
> > > This is for an Intranet app. Basically I want
> to
> > > use the currently
> > > logged in user so that they don't have to log
> into
> > > the Intranet app.
> > >
> > > I am running this on a Netware 6.5 server
> running
> > > Apache 2.5.
> > >
> > > This may not be the best way to go about this,
> but
> > > it is the only thing
> > > that I have been able to find so I am open to
> > > suggestions.
> > >
> > > Thanks in advance,
> > > Ashley
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit:
> http://www.php.net/unsub.php
> > >
> > >
> >
> > --
> > PHP General Mailing List (http://www.php.net/)
> > To unsubscribe, visit:
> http://www.php.net/unsub.php
> >
> >
>
Navigation:
[Reply to this message]
|