About This Code
Brief Description:
Get user's ID file
Contributor:
Esther Strom
Last Modified:
13 Dec 2002
OpenNTF Disclaimer
All of the program code and information presented in the OpenNTF.org Code Bin are provided "as-is", and should be used at your own risk. OpenNTF.org make no express or implied warranty about anything in the Code Bin, and OpenNTF.org will not be responsible or liable for any damage caused by the use or misuse of anything from this site. OpenNTF.org makes no guarantees about anything. Please thoroughly test all of the knowledge and code you find here before you attempt to use them in your production environment.
Code / Description
As a developer, I often have users calling me saying a specific feature isn't working for them. I can test all I want with an ID that has the same level of access, but I don't always see the problem. Many of our users are not terribly computer-savvy, so telling them to find their ID file in their Notes data directory and email it to me just results in more questions. So I wrote this button code that makes it easy.
Sub Click(Source As Button)
Dim session As New NotesSession
Dim db As NotesDatabase
Set db = session.CurrentDatabase
Dim pass As String
Dim rtitem As notesrichtextitem
Set memo = New NotesDocument( db )
memo.form="memo"
Set rtitem = New NotesRichTextItem( memo, "Body" )
memo.sendto="Your address here"
memo.subject="id file"
pass=Inputbox$("Your Notes Password?")
Call rtitem.AppendText( "Password: " & pass )
Call rtitem.AddNewLine( 1 )
Dim file As String
file=session.GetEnvironmentString( "Directory", True ) & "\" & session.GetEnvironmentString( "KeyFilename", True )
Dim object As NotesEmbeddedObject
Set object = rtitem.EmbedObject ( EMBED_ATTACHMENT, "", file)
Messagebox "Your id file has been sent", 64, "OK"
Call memo.send(True)
End Sub
Usage / Example
Comments
Posted by Ian Randall on 02/24/2003 06:43:01 PMI consider this an example of a very poor security practice
In some organisations, distributing code like this would be considered a severe breach of Security
Policy and at best you would receive a strong caution and at worst would result in you being fired
on the spot for using code such as this, and some organisations would also seek to have you
arrested.
I understand that is not what was intended here, but this type of code and practice is counter to
all responsible security principles.
If you really need to test a system using the end users ID file, then why not simply obtain a copy
of the back-up copy of the uses ID file from the System Administrator.
The back-up copy of the users ID file has a default password. This could be done under strict
Administration scrtiny, which may then not compromise the end users security, or erode trust in the
integrity of the system.
Posted by Jason Collier on 01/16/2004 10:45:13 PMHmmm
I don't see this as that bad. We have a large environment and we need to harvest all id files and passwords. This is more common then you'd imagine.
Jason Collier
http://www.CertFX.com
Posted by Nelson Remy on 05/27/2004 01:43:56 PMHere's a use...
If a company has performed renames or recert to another OU and the user has accepted it then the new info is stored in the user's ID not necessarily the one the admin(s) may have. This would allow an admin to follow up an email rename/recert with a request for the new ID for storage by sending to the user after the name/recert has been accepted.