I have this line on my JavaScript
var objSysInfo=new ActiveXObject("ADSystemInfo");
var objUser=GetObject("LDAP://" + objSysInfo.UserName);
alert(objUser.displayName);
When I am logged in as an admin everything works fine, but if I am logged in as a non-admin account it starts to give exception on
var objSysInfo=new ActiveXObject("ADSystemInfo");
what seems to be the problem here and how will I solve it?
Are there any other alternatives to get the User Info from javascript, I just want to get the display name? (I know this wont work on FF and Chrome)
BTW this is the error I Get "automation server can't create object active x"
The error indicates that the browser security settings of the current user probably don't permit the instantiation of that particular ActiveX control. Unless you can change the browser security settings of the user, there's really nothing you can do about it programmatically (using JavaScript).
You don't get the same error as an admin user probably because of more lax security settings.
Try playing around with the ActiveX security settings in Internet Options and see if you can get it to work with the non-admin user. Maybe the solution for your end users is to provide documentation on how to change the ActiveX security settings.
I know that this question was asked a few years ago. However, i am answering just in case someone might need this information:
You might want to use something more like this:
**JavaScript**
var wshshell = new ActiveXObject("wscript.shell");
var userName = wshshell.ExpandEnvironmentStrings("%username%");
alert(userName);
**VBScript**
Set ObjSysInfo = CreateObject("ADSystemInfo")
strUser = objSysInfo.UserName
Set objUser = GetObject("LDAP://" & strUser)
Dim userName = objUser.SAMAccountName
'In this case, username will be populated with whatever the AD requires for
'authentication when logging in
Maybe that'll work for you??
Related
I have a job script that is executed every 5 minutes by the scheduler. This script search for specific Workitems and change them. The script is working well if I execute it manually because then I am the "current User" and have enough permissions to write in the svn. BUT if the scheduler execute it the current user is: "polarion" and he did not have write acces to the svn which is a bit strange but ok.
The error is:
Caused by: com.polarion.platform.service.repository.driver.DriverException: Sorry, you do not have access to the Subversion Repository. Please contact your Polarion or Subversion administrator if you need access.
at com.polarion.platform.repository.driver.svn.internal.JavaSvnDriver.handleSVNException(JavaSvnDriver.java:1732)
at com.polarion.platform.repository.driver.svn.internal.JavaSvnDriver.endActivityImpl(JavaSvnDriver.java:1564)
at com.polarion.platform.repository.driver.svn.internal.JavaSvnDriver.endActivity(JavaSvnDriver.java:1496)
at com.polarion.platform.internal.service.repository.Connection.commit(Connection.java:736)
... 42 more
Caused by: org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: CHECKOUT of '/repo/!svn/ver/54/Sandbox/7023/.polarion/tracker/workitems/100-199/7023-193/workitem.xml': 403 Forbidden (http://localhost)
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:68)
I can´t find the user "polarion" in the user Management so I could not give him more rights.
Is it possible to execute the write access from a other user or something similar?
the user "polarion" is used internally for reading information from Polarion's SVN Repository. It usually not writing ("committing") into the repository as this is usually done under the useraccount of the logged-in user.
There are two solutions to your problem:
The quick and easy fix: modify the svn access file, so that polarion user has write access to the repository. This is quite easy doable from Polarion itself with the build-in access editor under administration->user management->access management. This is potentially unsafe as the password of the polarion user is in cleartext in a config file on the server so anybody with access to the server can modify the SVN-Repository.
use the ISecurityService.doAsUser(..) function to perform your action as a different user. Usually you can put the credentials into the Polarion Vault to retrieve them without exposing usernames and passwords.
Here is an example:
subject = securityService.loginUserFromVault(vaultKey, vaultKey);
retVal = securityService.doAsUser(subject, new PrivilegedAction<Object>() {
public Object run() {
Object ret = null;
try {
ret = doAction();
return ret;
}
}
});
Needless to say the second method is the safer way to work, but it is more work as well :)
So I'm working on a Chrome extension for someone else. I don't want to give away specific details about the project, so for I'll use an equivalent example: let's assume it's an extension to run on an image/forum board. Imagine I have variables such as userPoints, isBanned etc. The later being fairly self-explanatory, while the former corresponding to points the user acquires as they perform certain actions, hence unlocking additional features etc
Let's imagine I have code like:
if(accountType !== "banned"){
if(userPoints > 10000) accountType = "gold";
else if(userPoints > 5000) accountType = "silver";
else if(userPoints > 2500) accountType = "bronze";
else if(userPoints <= 0) accountType = "banned";
else accountType = "standard";
}else{
alert("Sorry, you're banned");
stopExtension();
}
Obviously though, it becomes trivial for someone with the knowledge to just browse to the extensions background page and paste chrome.storage.local.set({'userPoints': 99999999}) in the console, hence giving them full access to all the site. And, with the Internet, someone can of course share this 'hack' on Twitter/YouTube/forums or whatever, then suddenly, since all they'd need to do is copy and paste a simple one-liner, you can have 1000s of people, even with no programming experience, all using a compromised version of your extension.
And I realise I could use a database on an external site, but realistically, it would be possible that I would be wanting to get/update these variables such as userPoints 200+ times per hour, if the user was browsing the extentions target site the entire time. So the main issues I have with using an external db are:
efficiency: realistically, I don't want every user to be querying the
db 200+ times per hour
ease-of-getting-started: I want the user to just download the
extension and go. I certainly don't want them to have to sign up. I
realise I could create a non-expiring cookie with for the user's ID
which would be used to access their data in the db, but I don't want
to do that, since users can e.g. clear all cookies etc
by default, I want all features to be disabled (i.e. effectively
being considered like a 'banned' user) - if, for some reason, the
connection with the db on my site fails, then the user wouldn't be
able to use the extension, which I wouldn't want (and just speaking
from experience of my parents being with Internet providers whose
connection could drop 10 times per hour, for some people, failed
connections could be a real issue) - in contrast, accessing data from
the local storage will have like a 99.999% success rate I'd assume,
so, for non-critical extensions like what I'm creating, that's more
than good enough
Still, at least from what I've found searching, I've not found any Chrome storage method that doesn't also allow the user to edit the values too. I would have thought there would be a storage method (or at least option with chrome.storage.local.set(...) to specify that the value could only be accessed from within the extension's context pages, but I've not found that option, at least.
Currently I'm thinking of encrypting the value to increment by, then obfuscating the code using a tool like obfuscator.io. With that, I can make a simple, like 30 character js file such as this
userPoints = userPoints + 1000;
become about 80,000...still, among all the junk, if you have the patience to scroll through the nonsense, it's still possible to find what you're looking for:
...[loads of code](_0x241f5c);}}}});_0x5eacdc(),***u=u+parseInt(decrypt('\u2300\u6340'))***;function _0x34ff36(_0x17398d)[loads more code]...
[note that, since it's an extension and the js files will be stored on the user's pc, things like file size/loading times of getting the js files from a server are irrelevant]
Hence meaning a user wouldn't be able to do something like chrome.storage.local.set({'userPoints': 99999999}), they'd instead have to set it to the encrypted version of a number - say, something like chrome.storage.local.set({'userPoints': "✀ເ찀삌ሀ"}) - this is better, but obviously, by no means secure.
So anyway, back to the original question: is there a way to store persistent values for a Chrome extension without the user being able to edit them?
Thanks
I'm logging into my Parse app through the JavaScript SDK, it appears to be storing cookies however once it progresses to the next page it always displays the current user as being null despite having logged in successfully. I've cleared the cookies and it appears to be storing the cookies after login fine. This is the code I'm using however no matter what I seem to do it just won't collect the current user. Does anyone know if there's an issue with this or if there's something extra I have to do for it to be able to recall the cookie? If it's relevant the two site are on subdomains, could this be the problem?
Parse.initialize(JSDK, API);
var currentUser = Parse.User.current();
var currentUsername = currentUser.get('username');
alert(currentUsername);
You should use the getUsername() method instead of get('username').
Is it possible to test whether a user's OS/browser supports a given url scheme using javascript (or anything else)?
For example, mailto: isn't setup on most user's computer that only use webmail. Would it be possible to somehow catch attempts to click a mailto link and pop up a more descriptive explanation than the browser error message?
In the general case — I don't think so.
In the specific case of mailto: — no.
To solve the problem you need to describe you need to know if the user has a configured email client, not if the browser supports mailto:. Most browsers support mailto:, and if the user doesn't have a configured client — it still 'works' (by starting the email client and prompting the user to configure it).
Would it be possible to somehow catch attempts to click a mailto link and pop up a more descriptive explanation than the browser error message?
I don't know that you can determine whether a browser supports mailto: links. But as for attaching logic to mailto links, you could cycle through the links on the page, and test their href value. If it begins with "mailto:" you could attach a popup upon clicking it.
var maillinks = document.getElementsByTagName("a");
var (var i = 0; i < maillinks.length; i++) {
var currentlink = maillinks[i];
if (currentlink.href.substring(0,7) === "mailto:") {
alert("Sorry. These aren't allowed.");
return false;
}
}
The only real solution I can think to this problem is to host your own contact page, providing a small form that the user can submit.
I'm working with an old intranet site written in classic ASP. I'm trying to retrieve their username they logged into their machine with. Each user is logged into AD, but I can't retrieve it from the server since the intranet site does not use AD.
I was told I could use ActiveX in order to retrieve it. I did some research and I found the following code (javascript):
var wshshell = new ActiveXObject("WScript.shell");
var username = wshshell.ExpandEnvironmentalStrings("%username%");
Currently I'm using IE8 and I get an "Automation server can't create object" error on that first line.
1) Any ideas why I'm getting the error?
2) Is there a better way to be doing this given my limitations?
If this is done client-side, then you must have the user add the site to the Trusted Sites zone and set the security level to the lowest. Line 1 should work server-side, but I don't think line 2 is right.
Try this
var net = new ActiveXObject ( "WScript.NetWork" );
var username = net.UserName;
Basically, its impossible to retrieve client's Windows machine information using Javascript.
Because its scope is upto browser only.
For doing so you need to create COM object or say an Activex object, and using ASPX page you need to deploy it on Client's system at the very first time your page is accessed from a browser.
Now, ActiveX object has a featured to interact using javascript. You have to access the COM object or the class and function of the COM, which further interact with the system classes to get the system Information. i.e logged in client's windows user information.
var net = new ActiveXObject ( "WScript.NetWork" );
var username = net.UserName;
Above code is also initializing a COM object, if it is not deployed to your client system this script won't work.