Windows login information

Discussion in 'Java' started by jamie.eyre@gmail.com, Aug 22, 2006.

  1. Guest

    Hi,
    I would like to get the windows login information from my
    application/applet. Specifically I want the username. I know that you
    can get the username by calling
    System.getProperty("user.name");
    This gets the windows USERNAME environment variable.

    The only problem with using this method is that it is possible to
    change your USERNAME system property to something else (i.e. admin) via
    a command propmt (set USERNAME=admin), and then start the application.
    If the application is started in the same command dialog, the
    application would then get this new name (i.e. admin), when calling
    System.getProperty("user.name"); In this way, someone could fake their
    name.

    Does anybody else have another way of doing this? A more secure way.

    Thanks,
    Jamie
    , Aug 22, 2006
    #1
    1. Advertising

  2. schrieb:
    > Hi,
    > I would like to get the windows login information from my
    > application/applet. Specifically I want the username. I know that you
    > can get the username by calling
    > System.getProperty("user.name");
    > This gets the windows USERNAME environment variable.
    >
    > The only problem with using this method is that it is possible to
    > change your USERNAME system property to something else (i.e. admin) via
    > a command propmt (set USERNAME=admin), and then start the application.
    > If the application is started in the same command dialog, the
    > application would then get this new name (i.e. admin), when calling
    > System.getProperty("user.name"); In this way, someone could fake their
    > name.
    >
    > Does anybody else have another way of doing this? A more secure way.
    >
    > Thanks,
    > Jamie
    >


    Hi Jamie

    With Java5 there comes a new (?!) method with the class
    java.lang.System: getenv(String name).
    This should get the "real" enviroment variables. I'm not sure whether or
    not this helps you but if you want to do security issues you may change
    to a more safe thing.

    Hope that helps
    Dieter
    Dieter Lamberty, Aug 22, 2006
    #2
    1. Advertising

  3. On 22-8-2006 18:23, wrote:
    > Hi,
    > I would like to get the windows login information from my
    > application/applet. Specifically I want the username. I know that you
    > can get the username by calling
    > System.getProperty("user.name");
    > This gets the windows USERNAME environment variable.
    >
    > The only problem with using this method is that it is possible to
    > change your USERNAME system property to something else (i.e. admin) via
    > a command propmt (set USERNAME=admin), and then start the application.
    > If the application is started in the same command dialog, the
    > application would then get this new name (i.e. admin), when calling
    > System.getProperty("user.name"); In this way, someone could fake their
    > name.
    >
    > Does anybody else have another way of doing this? A more secure way.
    >
    > Thanks,
    > Jamie
    >

    com.sun.security.auth.module.NTSystem NTSystem = new
    com.sun.security.auth.module.NTSystem();
    System.out.println(NTSystem.getName());
    See
    <http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/spec/index.html>

    --
    Regards,

    Roland
    Roland de Ruiter, Aug 23, 2006
    #3
  4. Guest

    Hi,

    I have tried using the getenv function, but it gives the same problem.
    Any other ideas?

    Jamie

    Dieter Lamberty wrote:
    > schrieb:
    > > Hi,
    > > I would like to get the windows login information from my
    > > application/applet. Specifically I want the username. I know that you
    > > can get the username by calling
    > > System.getProperty("user.name");
    > > This gets the windows USERNAME environment variable.
    > >
    > > The only problem with using this method is that it is possible to
    > > change your USERNAME system property to something else (i.e. admin) via
    > > a command propmt (set USERNAME=admin), and then start the application.
    > > If the application is started in the same command dialog, the
    > > application would then get this new name (i.e. admin), when calling
    > > System.getProperty("user.name"); In this way, someone could fake their
    > > name.
    > >
    > > Does anybody else have another way of doing this? A more secure way.
    > >
    > > Thanks,
    > > Jamie
    > >

    >
    > Hi Jamie
    >
    > With Java5 there comes a new (?!) method with the class
    > java.lang.System: getenv(String name).
    > This should get the "real" enviroment variables. I'm not sure whether or
    > not this helps you but if you want to do security issues you may change
    > to a more safe thing.
    >
    > Hope that helps
    > Dieter
    , Aug 23, 2006
    #4
  5. Guest

    Hi,

    The com.sun.security.auth.module.NTSystem works. The only problem now
    is that it is not in older java versions. Since the applet will be
    running on client machines, I do not have control of the java version,
    so i will need to pack the JAAS classes in the applet, which will make
    the applet 104KB larger. Any other ideas which would not require
    foriegn libraries?

    Thanks,
    Jamie


    Roland de Ruiter wrote:
    > On 22-8-2006 18:23, wrote:
    > > Hi,
    > > I would like to get the windows login information from my
    > > application/applet. Specifically I want the username. I know that you
    > > can get the username by calling
    > > System.getProperty("user.name");
    > > This gets the windows USERNAME environment variable.
    > >
    > > The only problem with using this method is that it is possible to
    > > change your USERNAME system property to something else (i.e. admin) via
    > > a command propmt (set USERNAME=admin), and then start the application.
    > > If the application is started in the same command dialog, the
    > > application would then get this new name (i.e. admin), when calling
    > > System.getProperty("user.name"); In this way, someone could fake their
    > > name.
    > >
    > > Does anybody else have another way of doing this? A more secure way.
    > >
    > > Thanks,
    > > Jamie
    > >

    > com.sun.security.auth.module.NTSystem NTSystem = new
    > com.sun.security.auth.module.NTSystem();
    > System.out.println(NTSystem.getName());
    > See
    > <http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/spec/index.html>
    >
    > --
    > Regards,
    >
    > Roland
    , Aug 23, 2006
    #5
  6. Chris Uppal Guest

    wrote:

    > The com.sun.security.auth.module.NTSystem works. The only problem now
    > is that it is not in older java versions. Since the applet will be
    > running on client machines, I do not have control of the java version,
    > so i will need to pack the JAAS classes in the applet, which will make
    > the applet 104KB larger. Any other ideas which would not require
    > foriegn libraries?


    Why are you so bothered about this anyway ? Presumably the applet is sending
    the string to your server, or something like that, and there is absolutely no
    way that you can trust that value no matter how you program your applet. Your
    architecture has to be able to cope with spoofed data supplied by the client
    anyway, so why worry that setting an environment variable gives the user one
    more way (perhaps accidentally) to spoof the ID ?

    -- chris
    Chris Uppal, Aug 23, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. z. f.
    Replies:
    0
    Views:
    667
    z. f.
    Feb 3, 2005
  2. subrato
    Replies:
    8
    Views:
    908
    Juan T. Llibre
    Mar 14, 2006
  3. clercmedia
    Replies:
    2
    Views:
    32,239
    clercmedia
    Dec 9, 2005
  4. GenxLogic

    Windows login information in java

    GenxLogic, Jul 31, 2006, in forum: Java
    Replies:
    8
    Views:
    18,163
  5. Venu Vinod N

    Windows Login Information

    Venu Vinod N, Oct 30, 2003, in forum: Javascript
    Replies:
    1
    Views:
    168
    Randell D.
    Oct 30, 2003
Loading...

Share This Page