Masking Passwords by Using Internet Explorer
Microsoft® Windows® 2000 Scripting Guide
You can use Internet Explorer as a way to enter passwords. To mask passwords using Internet Explorer, you need to:
Create a Web page to use as the form. The Web page must contain, at a minimum:
A password box for entering the password.
An OK button, to be clicked after a password has been entered.
A hidden text field. When the OK button is clicked, the value of the hidden text field is changed. The script used to open the Web page monitors this text field for changes. Because the value will change only when the OK button is clicked, the script will pause until this change is detected.
For example, the HTML coding might look like this:
<SCRIPT language="VBScript"> <!-- Sub OKButton_OnClick OkClicked.Value = 1 End Sub '--> </SCRIPT> <BODY> Please enter your password: <INPUT TYPE=password Name = "PasswordBox" size="20"> <P> <INPUT NAME="OKButton" TYPE="BUTTON" VALUE="OK" > <P> <input type="hidden" name="OKClicked" size="20"> </BODY>
Create a script that opens the Web page and waits for the password to be entered.
Provide a mechanism for the script to identify the password that was typed in the password box.
Listing 17.21 contains a script that masks passwords entered in Internet Explorer. (To actually use the script, you will have to create the file C:\Scripts\Password.asp.) To carry out this task, the script must perform the following steps:
Use the Wscript CreateObject method to create an instance of Internet Explorer, and assign the name IE_ to the event handler responsible for monitoring Internet Explorer events.
Use the Navigate method to open the Web page C:\Scripts\Password.asp.
Configure various Internet Explorer properties, such as width and height, and hide items such as the toolbar and the status bar.
Set the Visible property to 1 to display Internet Explorer, opened to the correct page and properly configured.
Use a Do loop to pause the script until the OK button in Internet Explorer has been clicked.
This is done by periodically checking the value of a hidden text field named OKClicked. If this text box is empty, the script sleeps for 250 milliseconds and then checks again. When the OK button is clicked, the value of this text box is set to 1. At that point, the script exits the loop.
Set the value of the variable strPassword to the value of the PasswordBox text box. This is the name of the text box in Internet Explorer where the user typed the password.
Use the Quit method to close Internet Explorer.
Pause for 250 milliseconds.
Echo the value of strPassword. In a production script, you would probably not echo the value of strPassword but instead would use it to connect to a resource of some kind.
Listing 17.21 Masking Passwords in Internet Explorer
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
The script shown in Listing 17.22 shows how a masked password can be retrieved from Internet Explorer, and then used to connect to a remote computer and install a software package. In line 10, the variable strPassword, which contains the value typed by the user, is used to connect to the remote computer. This is done rather than hard-coding the password in the script.
Listing 17.22 Using a Password Masked in Internet Explorer
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24