Using FTP in WSH - Security considerations when using unattended ftp scripts
(Page 4 of 4 )
As you can see with this example, the username and password required for this ftp login are stored unencrypted in a plain text file. As you can imagine, this poses a potential security risk.
It would be much safer if the user had to provide this information at the time of script execution. You could easily ask the user for a password using an input box, for example.
strPassword = InputBox("Please enter the FTP password:", _
"Enter Password")
If you are launching this script from a command line, you might want to consider passing the password as an attribute to the script as I’ve done in the following example.
If (WScript.Arguments.Count > 0) Then
Set colArgs = WScript.Arguments
strPassword = colArgs.Item(0)
Else
strPassword = ""
End If
Whatever way you choose to do for this, keep in mind that you never know when you’ll be dealing with prying eyes and, unfortunately, WSH scripts are stored in plain text format.
Also, keep in mind that you are writing the FTP password to a temporary plain text file as well. Make sure that the temporary file is deleted immediately after the FTP command completes.
In any case, I hope I’ve opened up the doors for you to add ftp functionality to your scripts. This can provide a very dynamic aspect to your scripting repertoire. Until next time, keep coding!
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
