I've made an ASP page that calls a small executable and collects its
text output into a variable ("strExeOut" ) below. Below is some code similar
to the one I use for that purpose.
strExe = "C:\whatever\my program.exe -h1 -d33"
Set objShell = CreateObject("W Script.Shell")
Set objScriptExec = objShell.Exec(s trExe)
strExeOut = objScriptExec.S tdOut.ReadAll
I developed this in my own computer and the whole thing works like a charm,
but
unfortunately I assumed my hosting provider would let me run the (little and
harmless) exe, and they won't.
Therefore I have to run only the "exe" portion of the code in another web
server and send
back the output to my website on the net.
I'd like to get some feedback on what would
be the best way to call an exe on another server, and to have the output
sent back.
Any help is appreciated. Thanks in advance. 4 2309
1. Make sure you've set a security proc on the server that CAN run the exe, to prevent unauthorised servers running it (e.g. a security key or whatever that will be passed from one to the other)
2. Stick ALL of the code that runs the exe, into a file on the server that can run the exe
3. Use the XMLHTTP object to run the asp page on the other server, and to return the results.
Thats my thoughts on it anyway....
--
Regards
Steven Burn
Ur I.T. Mate Group www.it-mate.co.uk
Keeping it FREE!
"joe" <no****@nowhere .com> wrote in message news:xI******** ************@ne ws20.bellglobal .com... I've made an ASP page that calls a small executable and collects its text output into a variable ("strExeOut" ) below. Below is some code similar to the one I use for that purpose. strExe = "C:\whatever\my program.exe -h1 -d33" Set objShell = CreateObject("W Script.Shell") Set objScriptExec = objShell.Exec(s trExe) strExeOut = objScriptExec.S tdOut.ReadAll I developed this in my own computer and the whole thing works like a charm, but unfortunately I assumed my hosting provider would let me run the (little and harmless) exe, and they won't. Therefore I have to run only the "exe" portion of the code in another web server and send back the output to my website on the net. I'd like to get some feedback on what would be the best way to call an exe on another server, and to have the output sent back. Any help is appreciated. Thanks in advance.
Steven:
Thank you. So far the method is working. I still haven't dealt with the
security aspect, as I am a bit ignorant of the administration of IIS. Does
it matter that the exe doesn't really do anything except to output some
text? What are the risks, besides someone issuing XMLHTTP calls to the page
where the WScript.Shell Object is used, and retrieving its output? Sorry if
my question is too newbie-like.
It depends on what the text contains.... but personally I'd be inclined to protect it regardless (I always tend to err on the side of paranoia).
Executables, as with anything else, use resources, so allowing someone else to access the file could (in theory) allow them to bombard the page with requests, causing your server to crash (could also happen with regular web-files though, it's not an issue thats restricted to certain file types).
I don't actually run exe's on the server so don't know the in's and out's where the security aspect is concerned though, you'll have to wait for one of the experts to come along and advise you on this one.
--
Regards
Steven Burn
Ur I.T. Mate Group www.it-mate.co.uk
Keeping it FREE!
"joe" <no****@nowhere .com> wrote in message news:z_******** **********@news 20.bellglobal.c om... Steven: Thank you. So far the method is working. I still haven't dealt with the security aspect, as I am a bit ignorant of the administration of IIS. Does it matter that the exe doesn't really do anything except to output some text? What are the risks, besides someone issuing XMLHTTP calls to the page where the WScript.Shell Object is used, and retrieving its output? Sorry if my question is too newbie-like.
"Steven Burn" <so*******@in-time.invalid> wrote in message
news:eH******** ******@TK2MSFTN GP12.phx.gbl...
It depends on what the text contains.... but personally I'd be inclined to
protect it regardless (I always tend to err on the side of paranoia).
Executables, as with anything else, use resources, so allowing someone else
to access the file could (in theory) allow them to bombard the page with
requests, causing your server to crash (could also happen with regular
web-files though, it's not an issue thats restricted to certain file types).
I don't actually run exe's on the server so don't know the in's and out's
where the security aspect is concerned though, you'll have to wait for one
of the experts to come along and advise you on this one.
<<<<<
The security risk is that it is much much more difficult to restrict an EXE
that it is to restrict the actions of a script. An EXE has the whole Win32
API available to it, it can manipilate ACEs and process tokens, it can call
LoginUser as part of a brute-force password attack, it can explicitly
allocate large chunks of memory -- there is no stopping even an uninspired
C++ programmer from crashing the system on purpose if s/he wants to, and you
allow his/her EXE to run.
Bottom line, the system is almost infinitely more vulnerable to rogue code
in an EXE, even if it's accidental, than it is to script.
-Mark
--
Regards
Steven Burn
Ur I.T. Mate Group www.it-mate.co.uk
Keeping it FREE!
"joe" <no****@nowhere .com> wrote in message
news:z_******** **********@news 20.bellglobal.c om... Steven:
Thank you. So far the method is working. I still haven't dealt with the security aspect, as I am a bit ignorant of the administration of IIS. Does it matter that the exe doesn't really do anything except to output some text? What are the risks, besides someone issuing XMLHTTP calls to the page where the WScript.Shell Object is used, and retrieving its output? Sorry if my question is too newbie-like. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Joe Foran |
last post by:
Hi everyone,
I'm in a bit of a bind... I have some batch scripting ability but next
to no skill in VBS. I had a set of scripts that would:
Query the registry key
HKLM\SOFTWARE\Microsoft\SMS\Client\Configuration\Client Application
Launchers\Hardware Inventory Agent
If the value returned is 0x79726f74 then it would stop the SMS Client
|
by: JackFrost |
last post by:
Hi all,
I recently read an article on the Windows Scripting Host Object Model
(WSHOM) in a back issue of Visual Studios Journal from 2000. As it gives me
a useful and easy way to access all of the registry instead of just the VB
and VBA registry branch, as GetSettings(...) does; I can't find any useful
documentation on it. There is a...
|
by: Kyle |
last post by:
To any who chose to provide an answer, or even any suggestions to this
problem, I thank you greatly in advance. +200 pts. for any valid
solutions.
I am currently in the process of converting a website from an existing
web host to our servers. This website used the WScript.Shell command
to execute a series of Java commands that would send...
|
by: Marcin Zmyslowski |
last post by:
Hello all!
I have installed MSDE on my local computer - Windows 2000 Professional.
I have created a function which runs me a link whose path is placed in
the input field. This function looks like this:
function runCommand(zmienna)
{
if (zmienna==-1)
{
|
by: MacKenzie |
last post by:
The statement in an asp page:
dim objShell
Set objShell = WScript.CreateObject("WScript.Shell")
now gives this error:
VB err= 424,Object required
If I use setobjShell=Server.CreateObject("WScript.Shell"), I get the error
VB err= 5,Invalid procedure call or argument
| |
by: Dutchy |
last post by:
Dear reader,
In an attempt to obtain the path to the quick-launch-folder in order to
create a shortcut to my application-updates during installation , I thought
to:
1- check if quick launch is used by the user
2- check if a link to my application is there
3- if so, obtain the path (ANY PATH) to the quick-launch-folder from
existing...
|
by: Mike John |
last post by:
I am trying to use the shell object to send keys to the
explorer browser to run the send page funcion.
I am receiving the above error only when I put my html
file in the web server folder.However if I am runing the
file local it will work
Any reason, why when the file is in the web server folder
the create object failed to created the...
|
by: Marek |
last post by:
Hello gurus!
I wrote a code in VBS, that will check, that current user is in one from
three groups.
But i don't know how asimilate it with asp.net.
This page will be a bridge between 2 - main menu and report page.
Tomorrow to the 8 a.m. i must do this, but i don't know how.... Can someone
help me?
There are few messageboxes for help.
Here...
|
by: arunpatil84 |
last post by:
Hi ,
I am working on one ASP.NET application which zips the document files and allow the user to download the files.
For that I am using Izarc command line freeware utility to zip the files.
I am able to create zip the file from if the source files are in local machine as well as if the files to be zipp are in other machines from the...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |