I want to run a script in one file (A) from another file (B). In file B I have a script step: Perform Script [“email test” from file:”A”]
File A is password protected, so when the script runs a login dialog box comes up, but I want this to run automatically in the background without having to enter a password. File B is a timed file? How do I do this?
Add the same username and password in File A as File B.
Then in File A goto File -> File Options and tick Log in using and fill in the credentials.
File A will open without asking for a username/password and when it opens File B to call the script it will pass on the authentication details.
Offhand I can think of three techniques you can use to run the script in File A without needing to enter the password each time.
First, on the Mac there is the option to "Remember my password" when you log into File A. If you check this, FileMaker will look up the password when File B performs the script in File A and should automatically log in. I don't know if such a feature exists in Windows but it might be possible to do the same thing there.
Second, once a user is authenticated with FileMaker, FileMaker will try to use the same authentication credentials for any other database that the first database tries to open. So, as Adam suggests, you can add the same Username and Password used in File A to the Security section of File B. From there you would change the File Options to auto-login with the Username and Password you transferred. You should now automatically log in to both File B and File A.
Third, you could manually log into File A and just leave it open. This technique isn't as robust as the first two as you would need to manually log in again each time the file shuts down or connectivity is lost.
A Few Words About Security
File A probably has a password for a reason. When doing techniques like this it is certainly best to think about security and what people should be allowed to access if they gain access to your computer. At minimum your computer should probably require a password both at login and whenever the screensaver is deactivated just to ensure that people without authorization aren't able to access File A when they shouldn't.
Remember that, with the second technique, anyone who gains access to File B can now access File A with your credentials so you definitely want to be careful with File Sharing and letting others use your computer.
Related
I need to upload a file to OneDrive, via the command line. This will be done through a batch file which is distributed to end users.
From searching on Stack Overflow, I find questions like this one which say that you need to register an app and create an app password, using Azure. I don't have the necessary permissions to do this in the organization where I work, nor can I do anything that requires an admin account. So I can't any install software - I have to use what comes with Windows 10. I can't use VBA either as that's blocked.
I've managed to download files from OneDrive without anything like that, using the process described here:
Open the URL in either of the browser.
Open Developer options using Ctrl+Shift+I.
Go to Network tab.
Now click on download. Saving file isn’t required. We only need the network activity while browser requests the file from the server.
A new entry will appear which would look like “download.aspx?…”.
Right click on that and Copy → Copy as cURL.
Paste the copied content directly in the terminal and append ‘--output file.extension’ to save the content in file.extension since
terminal isn’t capable of showing binary data.
Example:
curl https://xyz.sharepoint.com/personal/someting/_layouts/15/download.aspx?UniqueId=cefb6082%2D696e%2D4f23%2D8c7a%2
…. some long text ….
cCtHR3NuTy82bWFtN1JBRXNlV2ZmekZOdWp3cFRsNTdJdjE2c2syZmxQamhGWnMwdkFBeXZlNWx2UkxDTkJic2hycGNGazVSTnJGUnY1Y1d0WjF5SDJMWHBqTjRmcUNUUWJxVnZYb1JjRG1WbEtjK0VIVWx2clBDQWNyZldid1R3PT08L1NQPg==;
cucg=1’ --compressed --output file.extension
I tried to do something similar after clicking 'upload' on the browser, but didn't find anything useful when trying to filter the requests.
I found these two questions but there is no keyboard shortcut to upload, AFAICT. Also the end user will be uploading a file to a folder I've shared with them from my OneDrive. Opening Chrome or Edge as a minimised window is fine, but I can't just shove a window in their face which automatically clicks on things - they won't like that.
It's just occurred to me that I might be able to use an office application to Save As the file to the necessary onedrive folder, where the keyboard shortcuts are pretty stable, but have no idea how to achieve that via the command line.
The best and more secure way to accomplish this goal I think is going to be with the Rest API for OneDrive.
(Small Files <4MB)
https://learn.microsoft.com/en-us/onedrive/developer/rest-api/api/driveitem_put_content?view=odsp-graph-online
(Large files)
https://learn.microsoft.com/en-us/onedrive/developer/rest-api/api/driveitem_createuploadsession?view=odsp-graph-online
You still need a Azure AD App Registration (which your admin should be able to configure for you), to provide API access to services in Azure. Coding with the API is going to be far easier and less complicated, not to mention more versatile.
I accomplished writing an application code in Matlab. I create a .mat file and save data into it somewhere in the code. I converted it to a standalone application file.(exe) However, I don't want to give permission to the user to see and modify this .mat file because the application uses that file in the next executions. For this reason, I changed the permission settings by right clicking the folder and:
properties-Security-Advanced-Changed Permission
However, after changing the permission, the code cannot reach that file and fails while executing. How can I handle it?
To my opinion you are approaching this the wong way. To make that concept working, your application would require higher permissions than the user has, especially the user may not modify permissions. For the majority of self-administrated PCs this is impossible, because the primary user has full administrative rights, allowing to modify folder permissions.
For such cases the typical solution is encryption. Assume everyone can access your files, store only encrypted files to the hard drive.
Looking for some help here. I do a bit of IT support for an organisation of about 200 people. Most of them use a database program called Filemaker Pro 11. Each user should have their own username that is set under the 'edit' menu -> 'preferences'. The edit menu is on the tool bar at the top of the screen, along with file, view, window etc. like as in MS Word for example.
Each user currently has a default username but the organisation wants everyone changed to a unique username. This means me visiting every machine and manually changing it. I was wondering if it would be possible to write a script to prompt users to make this change the next time they open the system? I'm not new to programming but I've never made a script like this before so wouldn't know where to start. Could anyone point me in the right direction?
There is no way to script that change.
The user name you are referring to is the system (Windows or Mac) user name, and not the FileMaker user account. The default for the system user name is whatever they are logged in to their computer as. So, you could give people unique user names at the system level.
The option that is not default allows the user to change their system name. You can create a script that will open preferences for them, but there is no way to actually change it via a FileMaker script.
What you can do: Use the FileMaker account name instead of system name. The account name is much more reliable, follows the user across computers, is more secure, and best of all is (almost) totally scriptable.
I hope this helps. Sorry that what you want isn't possible inside of FileMaker.
The first dialog box you get when opening SSMS (mine is 2008 R2) allows you to choose which server you want to connect to.
I had at least six servers in that list, including a local server called something like MYPC/SQLSERVEREXPRESS
Windows Updates ran last night and rebooted my machine, and now my SSMS list of servers is gone. I can select (local) or (browse for more)
What happened to my previously saved servers and their saved login info?
The file that stores these for 2008 is found at c:\%UserProfile%\Microsoft\Microsoft SQL Server\100\Tools\Shell\SqlStudio.bin
My guess is that it is still there, but was overwritten by one of your updates, you can check it to see when it was last modified.
You should make use of registered servers and export the file to save time if this happens again.
As I understand, you want to retrieve your credentials from that file.
There is a way to restore your passwords, if you still have sqlstudio.bin file and you can see "password" entries there.
First, some theory: When SSMS saves connection object it encrypts the password using some encryprion method, that is BOUND to your windows login. If you try to copy the sqlstudio.bin to other machine/user profile, passwords will not be decrypted. So it is important that you do all actions under same windows account, that you have used then sqlstudio.bin was generated. I can not tell you, if you can directly manipulate sqlstudio.bin - I suppose there are some checksums there which will prohibit direct manipulation, but there is another way.
I know the information I written above, because I develop myself an add-in for SSMS - SSMSBoost. I have implemented there the logic to manage preferred connections (so that you actually will not need standard dialogue anymore). I use exactly the same SSMS objects to store connections and serialize then into XML, so it is easier to manipulate.The picture below shows contents of sqlstudio.bin and SSMSBoostSettings.xml for the same connections. You can recognize, that username and password binary data are the same. So, to restore your password you have to:
install ssmsboost
add preferred connection to ANY database with sql server security
open SSMSBoostSettings.xml (you will see the path to that file in settings dialogue, after you have saved settings. Just save, close and re-open it. Path is displayed at the bottom)
Close SSMS, open sqlstudio.bin and ssmsboostsettings.xml in editor
modify entry in ssmsboostsettings.xml - enter data of your server from sqlstudio.bin - adress, database name, username. Carefully copy password data.
save xml and open SSMS - SSMSBoost will now show your connection in preferred connections and you will be able to connect to database. (see second picture)
I need to code in authentication information for specific parts of my website into my app. Is it at all possible for the app to be "decompiled" and the username and password exposed?
NSURL *url = [NSURL URLWithString:#"https://predefinedUsername:predefinedPassword#www.website.com"];
Yes, it is possible. Assume that if you have anything compiled into your app, it can [and will] be discovered by someone somewhere. Even if it isn't possible today, you are creating a frozen record of such information that will be vulnerable to any future attacks, known or unknown.
You really need the user to perform some task that authenticates them. There are a million and one ways to do that, and for every one of those, a million and two ways to do it wrong. :)
Without knowing more about your specific requirements, it is impossible to really say much more outside of "keep it simple and don't store or send anything in clear-text".
As #Hyperbole said, If you store the username and password in plain text it will be visible in the executable. It is extremely trivial to examine the executable for strings, and it's usually the first thing someone with malicious intent will try.
Right click on any app you've downloaded in iTunes and select show in finder. Make a copy of the app on your desktop and rename the app from AppName.ipa to AppName.zip. Double-click to unzip it, and look inside the folder. Navigate to the folder Payload and then right click on the (probably only) file in there called AppName that looks like an application but has a big circle with a cross through it for the icon. Select show package contents. Scroll through until you find a file called AppName with no extension and a blackish rectangle with the green word "exec" as an icon. Open that file in text edit or another text editor. You'll find that most of this ends up being random symbols and other crap, but you should occasionally see some plain text. The compiler takes string constants and embeds them directly in the app when you compile it in most cases.
You asked about what magazine apps and others do to access content - There are a ton of different ways to do it but off the top of my head, after the server verifies your in-app purchase receipt, the server would record an identifier specific to your iTunes account, saying that you've purchased a specific issue of the magazine. Then your app can request that file from the server, adding the identifier to the request in the process. The server would respond with the file once it looks through the database and determines that you've purchased the content.
Other solutions include signing/hashing a unique key.
Your example would expose the username and password without the need to decompile as you send it via plain text in a URL request. Anyone with a sniffer or MITM service yould snatch it out of the air. A better approach would be to make use of SSL via the http*s* protocol. You could go a step further and either prompt at runtime for the credentials and/or store an encrypted version within the app.
This is very bad because it is trivially easy to recover these credentials just by running 'strings' against the app binary without needing to decompile it.
Can't you pop up a dialogue box asking the user to enter the credentials when they first start the app ? Alternatively you could store them encrypted in a file and then ask the user for an alternative credential e.g. Passcode that derives the key but even this will not survive a determined attack unless the Passcode is long.