Disregarding the issue of uniVerse subroutines that can corrupt some @vars.
For current user name and current database location, don't use @LOGNAME and @ACCOUNT. Instead, use @AUTHORIZATION and @PATHNAME, which contain the effective owner name and the current location.

It's generally preferable to use @AUTHORIZATION (current id) instead of using @LOGNAME (original id). @LOGNAME is the original login name but is not always the "effective" process owner. This isn't an issue on Windows servers, but on Unix and Linux most programs (such as Unix mail) use the "effective" id, not the login id. Using @AUTHORIZATION gives the same result as executing "id -un" or "whoami". That is, it gives the first (and only, one hopes) name in /etc/passwd for the effective id.

Also, it's generally preferable to use @PATHNAME instead of using @ACCOUNT. @ACCOUNT doesn't change when you do LOGTO and doesn't always show your current VOC location. But @PATHNAME does change after LOGTO and does show your current VOC location.

> -----Original Message-----
> From: Craig Bennett [mailto:[EMAIL PROTECTED]
> Sent: Sunday, September 12, 2004 8:21 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [U2] major (?) @var security hole
> Importance: High
>
> If you need a value that won't change, try SYSTEM(27) or SYSTEM(28).
>
> These return the operating system user Id and effective user Id.
>
> You may need to parse the /etc/passwd file to match to a login name (but
> your LOGIN proc could store this too, before anyone has a chance to
> fiddle with @ACCOUNT).
>
> Craig
> -------
> u2-users mailing list
> [EMAIL PROTECTED]
> To unsubscribe please visit http://listserver.u2ug.org/
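
The /etc/passwd lookup mentioned in both messages, as an added example that is not part of the original thread: it maps a numeric user id to the first name listed for it and reports ids that have more than one name, the case the "only, one hopes" remark refers to. The sample passwd text and the function names are constructed for illustration; the numeric ids are assumed to come from something like the SYSTEM(27) and SYSTEM(28) values described in the quoted reply.

```python
import os

# Constructed sample in /etc/passwd format (not from a real system).
# uid 1001 deliberately has two names to show the "first name wins" caveat.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
# local comment line
uvadm:x:1001:100:UniVerse admin:/home/uvadm:/bin/sh
appowner:x:1001:100:alias for same uid:/home/app:/bin/sh
craig:x:1002:100::/home/craig:/bin/sh
malformed-line-without-fields
"""

def parse_passwd(text):
    """Return {uid: [names in file order]} from passwd-format text."""
    names_by_uid = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # skip malformed entries instead of guessing
        names_by_uid.setdefault(int(fields[2]), []).append(fields[0])
    return names_by_uid

def name_for_uid(names_by_uid, uid):
    """First name listed for uid, or None when the uid has no entry."""
    names = names_by_uid.get(uid)
    return names[0] if names else None

def shared_uids(names_by_uid):
    """Uids mapped to more than one name; a name alone is ambiguous there."""
    return {uid: names for uid, names in names_by_uid.items() if len(names) > 1}

if __name__ == "__main__":
    table = parse_passwd(SAMPLE_PASSWD)
    print("shared uids:", shared_uids(table))
    if hasattr(os, "geteuid"):  # real vs effective id exists on Unix only
        try:
            with open("/etc/passwd") as fh:
                live = parse_passwd(fh.read())
        except OSError:
            live = {}
        print("real uid     :", os.getuid(), name_for_uid(live, os.getuid()))
        print("effective uid:", os.geteuid(), name_for_uid(live, os.geteuid()))
```

Where an id has several names, record the numeric id in audit or access checks and treat the name as display text only.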
