Windows login information

J

jamie.eyre

Hi,
I would like to get the windows login information from my
application/applet. Specifically I want the username. I know that you
can get the username by calling
System.getProperty("user.name");
This gets the windows USERNAME environment variable.

The only problem with using this method is that it is possible to
change your USERNAME system property to something else (i.e. admin) via
a command propmt (set USERNAME=admin), and then start the application.
If the application is started in the same command dialog, the
application would then get this new name (i.e. admin), when calling
System.getProperty("user.name"); In this way, someone could fake their
name.

Does anybody else have another way of doing this? A more secure way.

Thanks,
Jamie
 
D

Dieter Lamberty

Hi,
I would like to get the windows login information from my
application/applet. Specifically I want the username. I know that you
can get the username by calling
System.getProperty("user.name");
This gets the windows USERNAME environment variable.

The only problem with using this method is that it is possible to
change your USERNAME system property to something else (i.e. admin) via
a command propmt (set USERNAME=admin), and then start the application.
If the application is started in the same command dialog, the
application would then get this new name (i.e. admin), when calling
System.getProperty("user.name"); In this way, someone could fake their
name.

Does anybody else have another way of doing this? A more secure way.

Thanks,
Jamie

Hi Jamie

With Java5 there comes a new (?!) method with the class
java.lang.System: getenv(String name).
This should get the "real" enviroment variables. I'm not sure whether or
not this helps you but if you want to do security issues you may change
to a more safe thing.

Hope that helps
Dieter
 
R

Roland de Ruiter

Hi,
I would like to get the windows login information from my
application/applet. Specifically I want the username. I know that you
can get the username by calling
System.getProperty("user.name");
This gets the windows USERNAME environment variable.

The only problem with using this method is that it is possible to
change your USERNAME system property to something else (i.e. admin) via
a command propmt (set USERNAME=admin), and then start the application.
If the application is started in the same command dialog, the
application would then get this new name (i.e. admin), when calling
System.getProperty("user.name"); In this way, someone could fake their
name.

Does anybody else have another way of doing this? A more secure way.

Thanks,
Jamie
com.sun.security.auth.module.NTSystem NTSystem = new
com.sun.security.auth.module.NTSystem();
System.out.println(NTSystem.getName());
See
<http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/spec/index.html>
 
J

jamie.eyre

Hi,

I have tried using the getenv function, but it gives the same problem.
Any other ideas?

Jamie
 
J

jamie.eyre

Hi,

The com.sun.security.auth.module.NTSystem works. The only problem now
is that it is not in older java versions. Since the applet will be
running on client machines, I do not have control of the java version,
so i will need to pack the JAAS classes in the applet, which will make
the applet 104KB larger. Any other ideas which would not require
foriegn libraries?

Thanks,
Jamie
 
C

Chris Uppal

The com.sun.security.auth.module.NTSystem works. The only problem now
is that it is not in older java versions. Since the applet will be
running on client machines, I do not have control of the java version,
so i will need to pack the JAAS classes in the applet, which will make
the applet 104KB larger. Any other ideas which would not require
foriegn libraries?

Why are you so bothered about this anyway ? Presumably the applet is sending
the string to your server, or something like that, and there is absolutely no
way that you can trust that value no matter how you program your applet. Your
architecture has to be able to cope with spoofed data supplied by the client
anyway, so why worry that setting an environment variable gives the user one
more way (perhaps accidentally) to spoof the ID ?

-- chris
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,743
Messages
2,569,478
Members
44,898
Latest member
BlairH7607

Latest Threads

Top