Prev: Size On Disk
Next: Draw an Arc
From: Martin on 21 Jun 2008 10:20
I have an app (VB6 of course) that, among other things, downloads some
data from SQLServer. This is an in-house only application. The user
has to log in to access the server data but all users use the same
login ID.

I have some code in the program that makes a record of the fact that
the user has done a down-load and, to make it unique for each user, I
am reading a UserName from the registry on the user's computer.
(from: HKCU\Software\Microsoft\Office\9.0\Common\UserInfo)

Unfortunately, as I've just discovered, this registry entry does not
exist on everyone's computer.

So, my question is: what registry entry should I read that would yield
a unique identification of the user (or his computer) that I can count
on being there on every computer (they're all running Windows XP).

Maybe his log-in name? Or the computer name?

Any suggestions?

Thanks.

From: Ralph on 21 Jun 2008 13:21

"Martin" <ironwoodcanyon(a)gmail.com> wrote in message
news:7f3q54p7stcilsdl3r5v9v3jvr1659rdod(a)4ax.com...
> I have an app (VB6 of course) that, among other things, downloads some
> data from SQLServer. This is an in-house only application. The user
> has to log in to access the server data but all users use the same
> login ID.
>
> I have some code in the program that makes a record of the fact that
> the user has done a down-load and, to make it unique for each user, I
> am reading a UserName from the registry on the user's computer.
> (from: HKCU\Software\Microsoft\Office\9.0\Common\UserInfo)
>
> Unfortunately, as I've just discovered, this registry entry does not
> exist on everyone's computer.
>
> So, my question is: what registry entry should I read that would yield
> a unique identification of the user (or his computer) that I can count
> on being there on every computer (they're all running Windows XP).
>
> Maybe his log-in name? Or the computer name?
>
> Any suggestions?
>
> Thanks.
>

The simplest methods are to read the Environmental Variable "UserName" or
the WinAPI GetUserName():

sUserName = Environ$("USERNAME")

or
// a piece of fluff around since VB4
Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal
lpBuffer As String, nSize As Long) As Long

Function GetUserIDStr() As String
Dim sBuffer As String: sBuffer = Space$(255)
Dim lSize As Long: lSize = Len(sBuffer)
Dim pos As Long
Call GetUserName(sBuffer, lSize)
pos = InStr(1, sBuffer, vbNullChar)
If pos = 0 Then pos = lSize
GetUserIDStr = Left$(sBuffer, pos - 1)
End Function

You are going to get a variety of answers and many developers will scream at
using the above. The reason is "Security" and everyone of those people will
be correct. An 'attacker' can easily muck about with either of these
methods.

But in your case it doesn't appear impersonation or authentication is a
serious problem or you wouldn't be doing what you are doing in the first
place. <g>

hth
-ralph


From: Richard Mueller [MVP] on 21 Jun 2008 14:12

"Ralph" <nt_consulting64(a)yahoo.com> wrote in message
news:u6J0EO80IHA.3756(a)TK2MSFTNGP04.phx.gbl...
>
> "Martin" <ironwoodcanyon(a)gmail.com> wrote in message
> news:7f3q54p7stcilsdl3r5v9v3jvr1659rdod(a)4ax.com...
>> I have an app (VB6 of course) that, among other things, downloads some
>> data from SQLServer. This is an in-house only application. The user
>> has to log in to access the server data but all users use the same
>> login ID.
>>
>> I have some code in the program that makes a record of the fact that
>> the user has done a down-load and, to make it unique for each user, I
>> am reading a UserName from the registry on the user's computer.
>> (from: HKCU\Software\Microsoft\Office\9.0\Common\UserInfo)
>>
>> Unfortunately, as I've just discovered, this registry entry does not
>> exist on everyone's computer.
>>
>> So, my question is: what registry entry should I read that would yield
>> a unique identification of the user (or his computer) that I can count
>> on being there on every computer (they're all running Windows XP).
>>
>> Maybe his log-in name? Or the computer name?
>>
>> Any suggestions?
>>
>> Thanks.
>>
>
> The simplest methods are to read the Environmental Variable "UserName" or
> the WinAPI GetUserName():
>
> sUserName = Environ$("USERNAME")
>
> or
> // a piece of fluff around since VB4
> Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA"
> (ByVal
> lpBuffer As String, nSize As Long) As Long
>
> Function GetUserIDStr() As String
> Dim sBuffer As String: sBuffer = Space$(255)
> Dim lSize As Long: lSize = Len(sBuffer)
> Dim pos As Long
> Call GetUserName(sBuffer, lSize)
> pos = InStr(1, sBuffer, vbNullChar)
> If pos = 0 Then pos = lSize
> GetUserIDStr = Left$(sBuffer, pos - 1)
> End Function
>
> You are going to get a variety of answers and many developers will scream
> at
> using the above. The reason is "Security" and everyone of those people
> will
> be correct. An 'attacker' can easily muck about with either of these
> methods.
>
> But in your case it doesn't appear impersonation or authentication is a
> serious problem or you wouldn't be doing what you are doing in the first
> place. <g>
>
> hth
> -ralph
>

If you can use Windows Integrated (instead of SQL logins) everyone will have
their own identity but not have to supply credentials again when they access
the database. Also, you can use the wshNetwork object to retrieve the names
of the current user and the computer.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


From: Ralph on 21 Jun 2008 19:35

"Richard Mueller [MVP]" <rlmueller-nospam(a)ameritech.nospam.net> wrote in
message news:uxQIpp80IHA.4364(a)TK2MSFTNGP02.phx.gbl...
>
> "Ralph" <nt_consulting64(a)yahoo.com> wrote in message
> news:u6J0EO80IHA.3756(a)TK2MSFTNGP04.phx.gbl...
> >
> > "Martin" <ironwoodcanyon(a)gmail.com> wrote in message
> > news:7f3q54p7stcilsdl3r5v9v3jvr1659rdod(a)4ax.com...
> >> I have an app (VB6 of course) that, among other things, downloads some
> >> data from SQLServer. This is an in-house only application. The user
> >> has to log in to access the server data but all users use the same
> >> login ID.
> >>
> >> I have some code in the program that makes a record of the fact that
> >> the user has done a down-load and, to make it unique for each user, I
> >> am reading a UserName from the registry on the user's computer.
> >> (from: HKCU\Software\Microsoft\Office\9.0\Common\UserInfo)
> >>
> >> Unfortunately, as I've just discovered, this registry entry does not
> >> exist on everyone's computer.
> >>
> >> So, my question is: what registry entry should I read that would yield
> >> a unique identification of the user (or his computer) that I can count
> >> on being there on every computer (they're all running Windows XP).
> >>
> >> Maybe his log-in name? Or the computer name?
> >>
> >> Any suggestions?
> >>
> >> Thanks.
> >>
> >
> > The simplest methods are to read the Environmental Variable "UserName"
or
> > the WinAPI GetUserName():
> >
> > sUserName = Environ$("USERNAME")
> >
> > or
> > // a piece of fluff around since VB4
> > Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA"
> > (ByVal
> > lpBuffer As String, nSize As Long) As Long
> >
> > Function GetUserIDStr() As String
> > Dim sBuffer As String: sBuffer = Space$(255)
> > Dim lSize As Long: lSize = Len(sBuffer)
> > Dim pos As Long
> > Call GetUserName(sBuffer, lSize)
> > pos = InStr(1, sBuffer, vbNullChar)
> > If pos = 0 Then pos = lSize
> > GetUserIDStr = Left$(sBuffer, pos - 1)
> > End Function
> >
> > You are going to get a variety of answers and many developers will
scream
> > at
> > using the above. The reason is "Security" and everyone of those people
> > will
> > be correct. An 'attacker' can easily muck about with either of these
> > methods.
> >
> > But in your case it doesn't appear impersonation or authentication is a
> > serious problem or you wouldn't be doing what you are doing in the first
> > place. <g>
> >
> > hth
> > -ralph
> >
>
> If you can use Windows Integrated (instead of SQL logins) everyone will
have
> their own identity but not have to supply credentials again when they
access
> the database. Also, you can use the wshNetwork object to retrieve the
names
> of the current user and the computer.
>

Using Windows Integrated security is the better solution all around. But if
the OP ain't the DBA - he'll have a hard time convincing them to change it.
<bg>

-ralph


From: Martin on 23 Jun 2008 08:52
On Sat, 21 Jun 2008 12:21:24 -0500, "Ralph"
<nt_consulting64(a)yahoo.com> wrote:

>
>"Martin" <ironwoodcanyon(a)gmail.com> wrote in message
>news:7f3q54p7stcilsdl3r5v9v3jvr1659rdod(a)4ax.com...
>> I have an app (VB6 of course) that, among other things, downloads some
>> data from SQLServer. This is an in-house only application. The user
>> has to log in to access the server data but all users use the same
>> login ID.
>>
>> I have some code in the program that makes a record of the fact that
>> the user has done a down-load and, to make it unique for each user, I
>> am reading a UserName from the registry on the user's computer.
>> (from: HKCU\Software\Microsoft\Office\9.0\Common\UserInfo)
>>
>> Unfortunately, as I've just discovered, this registry entry does not
>> exist on everyone's computer.
>>
>> So, my question is: what registry entry should I read that would yield
>> a unique identification of the user (or his computer) that I can count
>> on being there on every computer (they're all running Windows XP).
>>
>> Maybe his log-in name? Or the computer name?
>>
>> Any suggestions?
>>
>> Thanks.
>>
>
>The simplest methods are to read the Environmental Variable "UserName" or
>the WinAPI GetUserName():
>
> sUserName = Environ$("USERNAME")
>

Thanks. This gives me the info I wanted (and things don't get much
simpler to use than this).


>or
> // a piece of fluff around since VB4
>Declare Function GetUserName Lib "advapi32.dll" Alias "GetUserNameA" (ByVal
>lpBuffer As String, nSize As Long) As Long
>
>Function GetUserIDStr() As String
> Dim sBuffer As String: sBuffer = Space$(255)
> Dim lSize As Long: lSize = Len(sBuffer)
> Dim pos As Long
> Call GetUserName(sBuffer, lSize)
> pos = InStr(1, sBuffer, vbNullChar)
> If pos = 0 Then pos = lSize
> GetUserIDStr = Left$(sBuffer, pos - 1)
>End Function
>
>You are going to get a variety of answers and many developers will scream at
>using the above. The reason is "Security" and everyone of those people will
>be correct. An 'attacker' can easily muck about with either of these
>methods.
>
>But in your case it doesn't appear impersonation or authentication is a
>serious problem or you wouldn't be doing what you are doing in the first
>place. <g>
>
>hth
>-ralph
>

 | 
Pages: 1
Prev: Size On Disk
Next: Draw an Arc