getenv to retrieve password? 2

[biot023]

I don't know if this is possible, but it would greatly speed my application if I could access the user's profile's password in an exe.
I get their username with the following:
char buffer[255];
strcpy(buffer,getenv("Username&quot);

This works okay, but when I pass "Password" as the parameter for getenv, it all goes horribly wrong.
This quite possibly is because you aren't ALLOWED to access the password (which I guess is reasonable), but does anyone know for sure? And (if it exists) a way around it?

Cheers,
Douglas JL

If it don't make you laugh, it ain't true.

 

[2ffat]

Are you sure that this variable isn't being encrypted? If you go to you command prompt and type "SET PASSWORD" what do you get?
James P. Cottingham

When a man sits with a pretty girl for an hour, it seems like a minute. But let him sit on a hot stove for a minute and it's longer than any hour. That's relativity.
[tab][tab]Albert Einstein explaining his Theory of Relativity to a group of journalists.

 

[biot023]

I get "Environment variable PASSWORD not defined".
I don't know about it being encrypted, but I'll investigate.

Cheers,
Douglas

If it don't make you laugh, it ain't true.

 

[2ffat]

What your message is saying is that password isn't a enviroment variable and can't be picked up by GETENV.

James P. Cottingham

When a man sits with a pretty girl for an hour, it seems like a minute. But let him sit on a hot stove for a minute and it's longer than any hour. That's relativity.
[tab][tab]Albert Einstein explaining his Theory of Relativity to a group of journalists.

 

[biot023]

Ah, well - I guess I'll have to have people entering them.
Cheers, man.

Douglas JL

If it don't make you laugh, it ain't true.

 

[hnd]

Hi Biot023,

I assume you are doing something that makes no sense. Do you want to read the login-password? If yes why?

If the password would be wrong nobody could login, and therefore the knowledge of Username is enough.

The environment Variable "Password" is not defined in all Windows OS, In the Case of win2k I think it is encrypted. I'll find out what happens with NT.

hnd
hasso55@yahoo.com

 

[biot023]

Cheers - the reason I want the password is because I want fairly strict control over the usernames and passwords for an application I'm writing to run alongside another application that uses profile usernames & passwords for logging on. It would make my job alot easier if I could guarantee everything matched, but maybe that isn't to be.

Cheers,
Douglas JL

If it don't make you laugh, it ain't true.

 

[hnd]

I just checked with WinNT. Winnt stores the username in an environment Variable, and the corresponding Password in the registry in encrypted form. I think this would be similar with win2k and winXP.

But my Opinion is that: if you do not trust into the Login-Procedure, then you have to install a new password for your application and store it anywhere in a form as you like it. Otherwise a double Passwordcheck (System and Application) made no sense. If the Password would be compromised it would be compromised in each case.

hnd
hasso55@yahoo.com

 

[biot023]

Yeah - seems to have been a bit of a blind alley. I don't really have any issue with trusting the initial logon, so I guess I'll rethink.
Cheers,
Douglas JL

If it don't make you laugh, it ain't true.