I've made an ASP page that calls a small executable and collects its
text output into a variable ("strExeOut") below. Below is some code similar
to the one I use for that purpose.
strExe = "C:\whatever\myprogram.exe -h1 -d33"
Set objShell = CreateObject("WScript.Shell")
Set objScriptExec = objShell.Exec(strExe)
strExeOut = objScriptExec.StdOut.ReadAll
I developed this in my own computer and the whole thing works like a charm,
but
unfortunately I assumed my hosting provider would let me run the (little and
harmless) exe, and they won't.
Therefore I have to run only the "exe" portion of the code in another web
server and send
back the output to my website on the net.
I'd like to get some feedback on what would
be the best way to call an exe on another server, and to have the output
sent back.
Any help is appreciated. Thanks in advance.
4  2302 
1. Make sure you've set a security proc on the server that CAN run the exe, to prevent unauthorised servers running it (e.g. a security key or whatever that will be passed from one to the other)
2. Stick ALL of the code that runs the exe, into a file on the server that can run the exe
3. Use the XMLHTTP object to run the asp page on the other server, and to return the results.
Thats my thoughts on it anyway....
--
Regards
Steven Burn
Ur I.T. Mate Group www.it-mate.co.uk
Keeping it FREE!
"joe" <no****@nowhere.com> wrote in message news:xI********************@news20.bellglobal.com. .. I've made an ASP page that calls a small executable and collects its
text output into a variable ("strExeOut") below. Below is some code similar
to the one I use for that purpose.
strExe = "C:\whatever\myprogram.exe -h1 -d33"
Set objShell = CreateObject("WScript.Shell")
Set objScriptExec = objShell.Exec(strExe)
strExeOut = objScriptExec.StdOut.ReadAll
I developed this in my own computer and the whole thing works like a charm,
but
unfortunately I assumed my hosting provider would let me run the (little and
harmless) exe, and they won't.
Therefore I have to run only the "exe" portion of the code in another web
server and send
back the output to my website on the net.
I'd like to get some feedback on what would
be the best way to call an exe on another server, and to have the output
sent back.
Any help is appreciated. Thanks in advance.
Steven:
Thank you. So far the method is working. I still haven't dealt with the
security aspect, as I am a bit ignorant of the administration of IIS. Does
it matter that the exe doesn't really do anything except to output some
text? What are the risks, besides someone issuing XMLHTTP calls to the page
where the WScript.Shell Object is used, and retrieving its output? Sorry if
my question is too newbie-like.
It depends on what the text contains.... but personally I'd be inclined to protect it regardless (I always tend to err on the side of paranoia).
Executables, as with anything else, use resources, so allowing someone else to access the file could (in theory) allow them to bombard the page with requests, causing your server to crash (could also happen with regular web-files though, it's not an issue thats restricted to certain file types).
I don't actually run exe's on the server so don't know the in's and out's where the security aspect is concerned though, you'll have to wait for one of the experts to come along and advise you on this one.
--
Regards
Steven Burn
Ur I.T. Mate Group www.it-mate.co.uk
Keeping it FREE!
"joe" <no****@nowhere.com> wrote in message news:z_******************@news20.bellglobal.com... Steven:
Thank you. So far the method is working. I still haven't dealt with the
security aspect, as I am a bit ignorant of the administration of IIS. Does
it matter that the exe doesn't really do anything except to output some
text? What are the risks, besides someone issuing XMLHTTP calls to the page
where the WScript.Shell Object is used, and retrieving its output? Sorry if
my question is too newbie-like.
"Steven Burn" <so*******@in-time.invalid> wrote in message
news:eH**************@TK2MSFTNGP12.phx.gbl...
It depends on what the text contains.... but personally I'd be inclined to
protect it regardless (I always tend to err on the side of paranoia).
Executables, as with anything else, use resources, so allowing someone else
to access the file could (in theory) allow them to bombard the page with
requests, causing your server to crash (could also happen with regular
web-files though, it's not an issue thats restricted to certain file types).
I don't actually run exe's on the server so don't know the in's and out's
where the security aspect is concerned though, you'll have to wait for one
of the experts to come along and advise you on this one.
<<<<<
The security risk is that it is much much more difficult to restrict an EXE
that it is to restrict the actions of a script. An EXE has the whole Win32
API available to it, it can manipilate ACEs and process tokens, it can call
LoginUser as part of a brute-force password attack, it can explicitly
allocate large chunks of memory -- there is no stopping even an uninspired
C++ programmer from crashing the system on purpose if s/he wants to, and you
allow his/her EXE to run.
Bottom line, the system is almost infinitely more vulnerable to rogue code
in an EXE, even if it's accidental, than it is to script.
-Mark
--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
"joe" <no****@nowhere.com> wrote in message
news:z_******************@news20.bellglobal.com... Steven:
Thank you. So far the method is working. I still haven't dealt with the
security aspect, as I am a bit ignorant of the administration of IIS. Does
it matter that the exe doesn't really do anything except to output some
text? What are the risks, besides someone issuing XMLHTTP calls to the
page
where the WScript.Shell Object is used, and retrieving its output? Sorry
if
my question is too newbie-like.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Joe Foran |
last post by:
Hi everyone,
I'm in a bit of a bind... I have some batch scripting ability but next
to no skill in VBS. I had a set of scripts that would:
Query the registry key...
|
by: JackFrost |
last post by:
Hi all,
I recently read an article on the Windows Scripting Host Object Model
(WSHOM) in a back issue of Visual Studios Journal from 2000. As it gives me
a useful and easy way to access all of...
|
by: Kyle |
last post by:
To any who chose to provide an answer, or even any suggestions to this
problem, I thank you greatly in advance. +200 pts. for any valid
solutions.
I am currently in the process of converting a...
|
by: Marcin Zmyslowski |
last post by:
Hello all!
I have installed MSDE on my local computer - Windows 2000 Professional.
I have created a function which runs me a link whose path is placed in
the input field. This function looks...
|
by: MacKenzie |
last post by:
The statement in an asp page:
dim objShell
Set objShell = WScript.CreateObject("WScript.Shell")
now gives this error:
VB err= 424,Object required
If I use...
|
by: Dutchy |
last post by:
Dear reader,
In an attempt to obtain the path to the quick-launch-folder in order to
create a shortcut to my application-updates during installation , I thought
to:
1- check if quick launch...
|
by: Mike John |
last post by:
I am trying to use the shell object to send keys to the
explorer browser to run the send page funcion.
I am receiving the above error only when I put my html
file in the web server...
|
by: Marek |
last post by:
Hello gurus!
I wrote a code in VBS, that will check, that current user is in one from
three groups.
But i don't know how asimilate it with asp.net.
This page will be a bridge between 2 - main...
|
by: arunpatil84 |
last post by:
Hi ,
I am working on one ASP.NET application which zips the document files and allow the user to download the files.
For that I am using Izarc command line freeware utility to zip the...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome former...
|
by: ryjfgjl |
last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
| |
