need help... ftp with asp

My eyes are going crazy!

Story:
I've gotten my code to work on a win2k server box, but... I cannot get
the actuall ftp command to execute.

- My 'webOrderFile' gets created on the fly
- The holder test.ftp file gets created.
- The ftp commands are in the test.ftp file (lcd,promt,put, etc)
- The dang file just does not get ftp'd unless I go to the command line
and run the
'ftp.exe -s:test.ftp' directly


I am desperate here!

Thanks in advance




code:
Dim objFSO, objTextFile, oScript, oScriptNet, oFileSys, oFile, strCMD,
strTempFile, strCommandResult
Dim ftp_address, ftp_username, ftp_password, ftp_physical_path,
ftp_files_to_put

' Edit these variables to match your specifications
ftp_address = "my ip address"
ftp_username = "test"
ftp_password = "test1"
'ftp_remote_directory = "/download"
ftp_remote_directory = "/data/integrator/sys1/xmlfile/input"
ftp_files_to_put = webOrderFile 'gets created from a posted form
ftp_file_destination = webOrderFile

On Error Resume Next
Set oScript = Server.CreateObject("WSCRIPT.SHELL")
Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
Set objFSO = CreateObject("Scripting.FileSystemObject")

' Build our ftp-commands file
Set objTextFile = objFSO.CreateTextFile(Server.MapPath("test.ftp"))
objTextFile.WriteLine "lcd " & Server.MapPath(".")
objTextFile.WriteLine "open " & ftp_address
objTextFile.WriteLine ftp_username
objTextFile.WriteLine ftp_password
objTextFile.WriteLine "cd " & ftp_remote_directory
objTextFile.WriteLine "prompt"
objTextFile.WriteLine "put " & ftp_files_to_put & " " &
ftp_file_destination
objTextFile.WriteLine "bye"
objTextFile.Close

Set objTextFile = Nothing

' Use cmd.exe to run ftp.exe, parsing our newly created command file
strCMD = "ftp.exe -s:" & Server.MapPath("test.ftp")
strTempFile = Server.MapPath(".") & "\" & oFileSys.GetTempName( )

' Pipe output from cmd.exe to a temporary file
Call oScript.Run ("cmd.exe /c " & strCMD & " > " & strTempFile, 0,
True)
Set oFile = oFileSys.OpenTextFile (strTempFile, 1, False, 0)

On Error Resume Next
' Grab output from temporary file
strCommandResult = Server.HTMLEncode( oFile.ReadAll )
oFile.Close
' Delete the temporary & ftp-command files
Call oFileSys.DeleteFile( strTempFile, True )
Call objFSO.DeleteFile( Server.MapPath("test.ftp"), True )
Set oFileSys = Nothing
Set objFSO = Nothing
'Print result of FTP request.form to screen
'Response.Write( Replace( strCommandResult, vbCrLf, "
", 1, -1, 1) )
response.redirect "my redirect page"

Re: need help... ftp with asp

Take a look at the NTFS permissions on ftp.exe and cmd.exe. Make sure that
IUSR_%computername% has "Read and Execute" permissions.

Ray at home

wrote in message
news:1105480765.449249.49570@c13g2000cwb.googlegroups.com...
> My eyes are going crazy!
>
> Story:
> I've gotten my code to work on a win2k server box, but... I cannot get
> the actuall ftp command to execute.
>
> - My 'webOrderFile' gets created on the fly
> - The holder test.ftp file gets created.
> - The ftp commands are in the test.ftp file (lcd,promt,put, etc)
> - The dang file just does not get ftp'd unless I go to the command line
> and run the
> 'ftp.exe -s:test.ftp' directly

Re: need help... ftp with asp

You might consider using a component, since IUSR can't access shell exes
like ftp.exe directly.
http://www.aspfaq.com/2110

--
http://www.aspfaq.com/
(Reverse address to reply.)




wrote in message
news:1105480765.449249.49570@c13g2000cwb.googlegroups.com...
> My eyes are going crazy!
>
> Story:
> I've gotten my code to work on a win2k server box, but... I cannot get
> the actuall ftp command to execute.
>
> - My 'webOrderFile' gets created on the fly
> - The holder test.ftp file gets created.
> - The ftp commands are in the test.ftp file (lcd,promt,put, etc)
> - The dang file just does not get ftp'd unless I go to the command line
> and run the
> 'ftp.exe -s:test.ftp' directly
>
>
> I am desperate here!
>
> Thanks in advance
>
>
>
>
> code:
> Dim objFSO, objTextFile, oScript, oScriptNet, oFileSys, oFile, strCMD,
> strTempFile, strCommandResult
> Dim ftp_address, ftp_username, ftp_password, ftp_physical_path,
> ftp_files_to_put
>
> ' Edit these variables to match your specifications
> ftp_address = "my ip address"
> ftp_username = "test"
> ftp_password = "test1"
> 'ftp_remote_directory = "/download"
> ftp_remote_directory = "/data/integrator/sys1/xmlfile/input"
> ftp_files_to_put = webOrderFile 'gets created from a posted form
> ftp_file_destination = webOrderFile
>
> On Error Resume Next
> Set oScript = Server.CreateObject("WSCRIPT.SHELL")
> Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
> Set objFSO = CreateObject("Scripting.FileSystemObject")
>
> ' Build our ftp-commands file
> Set objTextFile = objFSO.CreateTextFile(Server.MapPath("test.ftp"))
> objTextFile.WriteLine "lcd " & Server.MapPath(".")
> objTextFile.WriteLine "open " & ftp_address
> objTextFile.WriteLine ftp_username
> objTextFile.WriteLine ftp_password
> objTextFile.WriteLine "cd " & ftp_remote_directory
> objTextFile.WriteLine "prompt"
> objTextFile.WriteLine "put " & ftp_files_to_put & " " &
> ftp_file_destination
> objTextFile.WriteLine "bye"
> objTextFile.Close
>
> Set objTextFile = Nothing
>
> ' Use cmd.exe to run ftp.exe, parsing our newly created command file
> strCMD = "ftp.exe -s:" & Server.MapPath("test.ftp")
> strTempFile = Server.MapPath(".") & "\" & oFileSys.GetTempName( )
>
> ' Pipe output from cmd.exe to a temporary file
> Call oScript.Run ("cmd.exe /c " & strCMD & " > " & strTempFile, 0,
> True)
> Set oFile = oFileSys.OpenTextFile (strTempFile, 1, False, 0)
>
> On Error Resume Next
> ' Grab output from temporary file
> strCommandResult = Server.HTMLEncode( oFile.ReadAll )
> oFile.Close
> ' Delete the temporary & ftp-command files
> Call oFileSys.DeleteFile( strTempFile, True )
> Call objFSO.DeleteFile( Server.MapPath("test.ftp"), True )
> Set oFileSys = Nothing
> Set objFSO = Nothing
> 'Print result of FTP request.form to screen
> 'Response.Write( Replace( strCommandResult, vbCrLf, "
", 1, -1, 1) )
> response.redirect "my redirect page"
>

Re: need help... ftp with asp

I changed the permissions, or I shoudl say added permissions for the
ISUR account and then Bam!

It worked.

Thanks, you saved my ass.

Re: need help... ftp with asp

Ray,

Is giving IUSR_xxx execute permissions to cmd.exe a good idea? Seems like a
big security risk to me.

Bob Lehmann

"Ray Costanzo [MVP]" wrote in
message news:OHzv78E#EHA.2552@TK2MSFTNGP09.phx.gbl...
> Take a look at the NTFS permissions on ftp.exe and cmd.exe. Make sure
that
> IUSR_%computername% has "Read and Execute" permissions.
>
> Ray at home
>
> wrote in message
> news:1105480765.449249.49570@c13g2000cwb.googlegroups.com...
> > My eyes are going crazy!
> >
> > Story:
> > I've gotten my code to work on a win2k server box, but... I cannot get
> > the actuall ftp command to execute.
> >
> > - My 'webOrderFile' gets created on the fly
> > - The holder test.ftp file gets created.
> > - The ftp commands are in the test.ftp file (lcd,promt,put, etc)
> > - The dang file just does not get ftp'd unless I go to the command line
> > and run the
> > 'ftp.exe -s:test.ftp' directly
>
>

Re: need help... ftp with asp

Well, there's probably a reason that guests don't have permissions by
default, but it all depends. What can one really do with cmd.exe? Not
really anything that couldn't be done by some other means.

cmd.exe is just an application, and in a good secure setup, imo, it's the
~data~ that is secured, not the various means of accessing it. By that, I
mean, if you don't want someone to delete a file, you control the
permissions on the file, not all the methods that can be used to delete the
file.

It's like the people who don't want someone to be able to run a program on a
computer, so they delete the shortcut from the start menu. You're not
protecting anything. You're just taking away one method of accessing the
thing you're trying to protect.

--

Ray at work
Microsoft ASP/ASP.NET MVP


"Bob Lehmann" wrote in message
news:e2VoMSN%23EHA.2608@TK2MSFTNGP10.phx.gbl...
> Ray,
>
> Is giving IUSR_xxx execute permissions to cmd.exe a good idea? Seems like
a
> big security risk to me.
>
> Bob Lehmann
>
> "Ray Costanzo [MVP]" wrote in
> message news:OHzv78E#EHA.2552@TK2MSFTNGP09.phx.gbl...
> > Take a look at the NTFS permissions on ftp.exe and cmd.exe. Make sure
> that
> > IUSR_%computername% has "Read and Execute" permissions.
> >
> > Ray at home
> >
> > wrote in message
> > news:1105480765.449249.49570@c13g2000cwb.googlegroups.com...
> > > My eyes are going crazy!
> > >
> > > Story:
> > > I've gotten my code to work on a win2k server box, but... I cannot get
> > > the actuall ftp command to execute.
> > >
> > > - My 'webOrderFile' gets created on the fly
> > > - The holder test.ftp file gets created.
> > > - The ftp commands are in the test.ftp file (lcd,promt,put, etc)
> > > - The dang file just does not get ftp'd unless I go to the command
line
> > > and run the
> > > 'ftp.exe -s:test.ftp' directly
> >
> >
>
>

Re: need help... ftp with asp

"Ray Costanzo [MVP]" wrote in message
news:uqqoLpN%23EHA.2552@TK2MSFTNGP09.phx.gbl...
: Well, there's probably a reason that guests don't have permissions by
: default, but it all depends. What can one really do with cmd.exe?

If you're not aware of the possibilities or ramifications, it's probably not
a good idea to suggest someone modify their security settings.

: Not really anything that couldn't be done by some other means.

That's not a justification. Creating another security hole because others
may exist is not a plan to follow.

: cmd.exe is just an application,

An M-16 is just a piece of metal.

: and in a good secure setup,

So giving someone execute rights would lessen that.

: imo, it's the
: ~data~ that is secured, not the various means of accessing it.

How can you secure your data if you do not secure the "various" means of
accessing it?

: By that, I
: mean, if you don't want someone to delete a file, you control the
: permissions on the file, not all the methods that can be used to delete
the
: file.

Network security is not either do this or do this. It's do all of these and
pray a buffer overflow doesn't exist which renders all of your layers of
security useless.

: It's like the people who don't want someone to be able to run a program on
a
: computer, so they delete the shortcut from the start menu.

People meaning someone ignorant of what a shortcut actually is?

: You're not
: protecting anything.

Well, you're protecting it from being launched from the desktop unless they
create another shortcut. But the run, command processor, explorer, possibly
Start Menu, etc. are all still available.

: You're just taking away one method of accessing the
: thing you're trying to protect.

Yes, you are. And anyone's level of network security is based upon the
knowledge of the person who configured it and the person trying to hack it.
Unless you pull the plug, you're at risk. Even then you are at risk if you
do not secure the perimeter, a.k.a. one of the various means of accessing
it. The idea is to minimize the risk, not rationalize increasing that risk.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp