passing parameters and compiling

[mightycpa]

Hi,

This works as a non-compiled script if you run it without passing a variable:

Code: Select all

Assigned>v_test,v_result
If>v_result=TRUE
  MessageModal>%v_test%
Else
  Let>v_test=Default Value
  MessageModal>no parameter passed, default defined
Endif

The message box will appear with that message.

but if you compile it and try the same thing, you get an error dialog that says



When compiling, I specify the variable name :



So how do you compile such that if the value is not passed, you can code a default?

[Bob Hansen]

I put a number of variables at the top of my scripts that are maintained by INI files.
When I need the variable, I read it from the INI file. And then I Let>variable=INI value. If INI value is blank or not matching a particular format, I skip the Let>variable command and the script uses the initial values that I hard coded at the top of the script. This is not done for all variables, depends on script and environment needs.

Only problem is that an extra file (INI) needs to reside on the system, potential security issue,but is also a back door to compiled script. Security because so easy to read contents with text editor. Script can check for an INI file to update paths, filenames, versions, users, passwords, etc. if environment changes after compiling. Password/user and other values read in from INI can require a certain encoded format that the script can decode after reading, to the actual user name and pwd for the user. After checking for INI file in a certain folder, if not exists , script continues, else reads INI to change default values already there. Keeps script operational until new compiled script can be generated.

Some day I will have to find a way to have the script update itself so the INI file does not need to stay there. (Seem to recall seeing something like that many years ago?). Could also copy the INI file to another text file name in an obscure folder, so it could be resident. Just need to make sure these extra files (INI/TXT) are in folders that get included with the daily backups, and maybe hidden to help prevent deletion. Again, if file is deleted, then checking for the INI or TXT file, the script will fall back to the original defaults that I started with.

[hagchr]

Hi,

If I compile your script (leaving include parameters empty) then I get:

C:\Users\Christer\Desktop>tmpTBD.exe
---> displays default value

C:\Users\Christer\Desktop>tmpTBD.exe/v_test=Friday
---> displays Friday

[Grovkillen]

When I want the ini file to be unreadable I turn to the Encode command and use a base (pass)word unique to the script. Both variable names and their values are encoded.

A minor problem is that base 64 include the equal sign "=" to pad the value (to make it an even octet of base64 characters). Since the ini standard also uses the equal sign I've come to the conclusion that if I just replace that with "|" (pronounced pipe) before and after reading/writing it work just fine.

The pipe character is easy to type on most keyboards and rarely use elsewhere so I like it.

[mightycpa]

If I compile your script (leaving include parameters empty) then...

I see! said the blind man.

So those parameters mentioned while compiling are the required ones and everything else is optional.

Perfect, thanks.

[mightycpa]

I put a number of variables at the top of my scripts that are maintained by INI files.

Yes, it looks like I'm going to have to do something like that, and delete it at the end too.

When you run ExecuteFile> you can't pass a parameter along. You've got to read it from somewhere.

[mightycpa]

When I want the ini file to be unreadable ....

In this case, I don't, but that's a great tip. Thanks.

[Bob Hansen]

Hey Bob, you're a dinosaur!

You can do the same thing with registry settings, and reduce the security problems. You could still use a file to modify the registry when needed. Temp load the file in a predefined location, update the settings, then delete the file. Again, just use them as backup if incoming values are missing, corrupted, etc.

But it's hard to give up time proven methods to use newer ones, I understand.

[mightycpa]

Bob, your avatar looks a lot more like one of those old troll dolls from way back when than it does a dinosaur!

In this case, I'm just trying to pass the debug variable along, so security is unimportant to me.

If I were interested in securing an ini file, one thing that comes to mind is that I would use the Base64 encoding that Grovkillen suggested, and the key would be stealthily stored in the file system somewhere. For example, I might use this as the key:

Code: Select all

FileSize>%SCRIPT_DIR%\%SCRIPT_NAME%.exe,v_size1
Len>%SCRIPT_DIR%\%SCRIPT_NAME%,v_len
Let>v_key=%v_size%*%v_len%

Then, if you want to save that somewhere, just in case you change your script or something, you could obfuscate it and save that in the clear, or HTTP it to your own database for safekeeping.

None of that is crackproof, but to your clients, or snoopers, it probably will be.

Great suggestions!

[mightycpa]

I'm still having one final difficulty - passing parameters when using a RunProgram> command

I've done it two ways:

1) RunProgram>"v_test /v_debug=COMPILED" - RESULT IS FILE NOT FOUND

2) RunProgram>"v_test" /v_debug=COMPILED - RESULT IS PARAMETER IGNORED