Discussion:
having trouble with the personal edition of blat
(too old to reply)
simplydc
2003-06-17 15:14:16 UTC
Permalink
Okay, i want to install blat so multiple people can use it, and keep
their pw's safe.

now, i installed blat just using my host, blat -install host.com


now how do i create profiles

blat -profile -u newuser -p newpass ?

thanks in advance,

the rookie



------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchMobileComputing.com to access over 500 white papers.
Get instant access at SearchMobileComputing.com Today
http://us.click.yahoo.com/ZyjvfD/PLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Chip
2003-06-17 16:02:42 UTC
Permalink
Post by simplydc
Okay, i want to install blat so multiple people can use it, and keep
their pw's safe.
now, i installed blat just using my host, blat -install host.com
now how do i create profiles
blat -profile -u newuser -p newpass ?
thanks in advance,
the rookie
By using 1.9.4f or 1.9.4g, you can store the user authentication information
into the registry per profile.

blat -install [hostname] [user email addy] [attempts] [port] [profile name]
[user id] [password]


[attempts] and [port] can be defaulted by using a hyphen (-) for each.

[profile name] is the profile name to use for each user to give them their
own personal information.

The [user id] is what would be used with the -u option when authentication
is required.

The [password] is what would be used with the -p option when authentication
is required.


For example:

blat -install smtp.domain.com ***@domain.com - - joe joesid joespwd


In this example, joesid and joespwd will be stored into the registry using
the profile joe. When you want to use this profile for sending mail, you
would specify "-profile joe" on the command line:

-blat - -body "test" -subject "test" -to ***@domain.com -profile joe

When that message is sent, blat will retrieve the userid and password from
the joe profile and use them to attempt an authentication with the server.

Chip


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchMobileComputing.com to access over 500 white papers.
Get instant access at SearchMobileComputing.com Today
http://us.click.yahoo.com/ZyjvfD/PLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
simplydc
2003-06-17 17:41:42 UTC
Permalink
Instead of just sending and logging in with the entered profile, when
i add "-profile joe"

it just prompts me the same feedback as if i typed blat -profile

C:\>blat - -body "test" -subject "test" -to "user at host dot com" -
profile joe

Blat v1.9.4f (build : May 27 2003 09:44:02)
BLAT PROFILE EDITOR
To modify SMTP: blat -install SMTPHost Sender [Try [Port [Profile
[Login name [Password]]]]]
or: blat -smtpinstall SMTPHost Sender [Try [Port [Profile
[Login name [Password]]]]]
To modify NNTP: blat -nntpinstall NNTPHost Sender [Try [Port [Profile
[Login name [Password]]]]]
To delete: blat -profile -delete Profile
Profiles are listed as in the -install option:
Host Sender Try Port Profile

SMTP: myserver myemail ONCE 25 joe JoesRealUserName joesRealPW


changed actual values for security reasons, am i doing something
wrong?
Thanks alot guys i really appreciate this.
Post by Chip
Post by simplydc
Okay, i want to install blat so multiple people can use it, and keep
their pw's safe.
now, i installed blat just using my host, blat -install host.com
now how do i create profiles
blat -profile -u newuser -p newpass ?
thanks in advance,
the rookie
By using 1.9.4f or 1.9.4g, you can store the user authentication information
into the registry per profile.
blat -install [hostname] [user email addy] [attempts] [port]
[profile name]
Post by Chip
[user id] [password]
[attempts] and [port] can be defaulted by using a hyphen (-) for each.
[profile name] is the profile name to use for each user to give them their
own personal information.
The [user id] is what would be used with the -u option when
authentication
Post by Chip
is required.
The [password] is what would be used with the -p option when
authentication
Post by Chip
is required.
In this example, joesid and joespwd will be stored into the
registry using
Post by Chip
the profile joe. When you want to use this profile for sending mail, you
When that message is sent, blat will retrieve the userid and
password from
Post by Chip
the joe profile and use them to attempt an authentication with the server.
Chip
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchSecurity.com to access over 500 white papers.
Get instant access at SearchSecurity.com Today
http://us.click.yahoo.com/ayjvfD/QLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Tim Musson
2003-06-17 18:18:42 UTC
Permalink
Hey simplydc,

My MUA believes you used eGroups-EW/0.82
to write the following on Tuesday, June 17, 2003 at 1:41:42 PM.

s> Instead of just sending and logging in with the entered profile, when
s> i add "-profile joe"

s> it just prompts me the same feedback as if i typed blat -profile

====8<---------------- snip

s> changed actual values for security reasons, am i doing something
s> wrong?

One tiny thing (isn't that what always gets you?)

"blat -install" is used to put info into the registry,
where "blat -profile" is used to have Blat echo the info in the registry
back to your screen.

,----- [ For example ]
| C:\>blat -profile
| Failed to open registry key for Blat profile , using default.
| Failed to open registry key for Blat profile , using default.
|
| C:\>blat -install localhost ***@mail.tld
| Failed to open registry key for Blat profile , using default.
|
| SMTP server set to localhost on port 25 with user ***@mail.tld, retry 1 time(s)
|
| C:\>blat -install localhost ***@mail.tld 2 26 p1
|
| SMTP server set to localhost on port 26 with user ***@mail.tld, retry 2 time(s)
|
| C:\>blat -install localhost ***@mail.tld 3 27 p2
|
| SMTP server set to localhost on port 27 with user ***@mail.tld, retry 3 time(s)
|
| C:\>blat -profile
| BLAT PROFILE EDITOR
| To modify: blat -install SMTPHost Sender [Try [Port [Profile]]]
| To delete: blat -profile -delete Profile
| Profiles are listed as in the -install option:
| SMTPHost Sender Try SMTPPort Profile
|
| localhost ***@mail.tld 1 25
| localhost ***@mail.tld 2 26 p1
| localhost ***@mail.tld 3 27 p2
`-----

s> Thanks alot guys i really appreciate this.

no problem
--
Tim Musson
Flying with The Bat! eMail v1.62q
Windows 2000 5.0.2195 (Service Pack 2)
MS-DOS: celebrating ten years of obsolescence
Blat @ www.blat.net


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchNetworking.com to access over 500 white papers.
Get instant access at SearchNetworking.com Today
http://us.click.yahoo.com/YyjvfD/OLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
simplydc
2003-06-17 18:27:16 UTC
Permalink
I understand that -install places it there, and -profile echos it,
but i just want to use that profile with out it echoing.

and also, i dont want it to echo, i just want it to send, instead of
sending it just prompts me back the info that i entered with the
install. I know im naive to this program, but everything else seems
so straight forward, you'd think adding


prompt> blat - - body "Test"..... etc... -profile p2, would send
using that information, instead of just the echo, no?

dave
Post by Tim Musson
Hey simplydc,
My MUA believes you used eGroups-EW/0.82
to write the following on Tuesday, June 17, 2003 at 1:41:42 PM.
s> Instead of just sending and logging in with the entered profile, when
s> i add "-profile joe"
s> it just prompts me the same feedback as if i typed blat -profile
====8<---------------- snip
s> changed actual values for security reasons, am i doing something
s> wrong?
One tiny thing (isn't that what always gets you?)
"blat -install" is used to put info into the registry,
where "blat -profile" is used to have Blat echo the info in the registry
back to your screen.
,----- [ For example ]
| C:\>blat -profile
| Failed to open registry key for Blat profile , using default.
| Failed to open registry key for Blat profile , using default.
|
| Failed to open registry key for Blat profile , using default.
|
1 time(s)
Post by Tim Musson
|
|
2 time(s)
Post by Tim Musson
|
|
3 time(s)
Post by Tim Musson
|
| C:\>blat -profile
| BLAT PROFILE EDITOR
| To modify: blat -install SMTPHost Sender [Try [Port [Profile]]]
| To delete: blat -profile -delete Profile
| SMTPHost Sender Try SMTPPort Profile
|
`-----
s> Thanks alot guys i really appreciate this.
no problem
--
Tim Musson
Flying with The Bat! eMail v1.62q
Windows 2000 5.0.2195 (Service Pack 2)
MS-DOS: celebrating ten years of obsolescence
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchNetworking.com to access over 500 white papers.
Get instant access at SearchNetworking.com Today
http://us.click.yahoo.com/YyjvfD/OLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Tim Musson
2003-06-17 18:56:00 UTC
Permalink
Hey simplydc,

My MUA believes you used eGroups-EW/0.82
to write the following on Tuesday, June 17, 2003 at 2:27:16 PM.

s> I understand that -install places it there, and -profile echos it,
s> but i just want to use that profile with out it echoing.

s> and also, i dont want it to echo, i just want it to send, instead of
s> sending it just prompts me back the info that i entered with the
s> install. I know im naive to this program, but everything else seems
s> so straight forward, you'd think adding


prompt>> blat - - body "Test"..... etc... -profile p2, would send
s> using that information, instead of just the echo, no?

Ah, sorry, I missed the point...
use -p p2,
not -profile p2
--
Tim Musson
Flying with The Bat! eMail v1.62q
Windows 2000 5.0.2195 (Service Pack 2)
(A)bort, (R)etry, (P)retend this never happened...
Blat @ www.blat.net


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchNetworking.com to access over 500 white papers.
Get instant access at SearchNetworking.com Today
http://us.click.yahoo.com/YyjvfD/OLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Chip
2003-06-17 18:37:39 UTC
Permalink
Post by simplydc
Instead of just sending and logging in with the entered profile, when
i add "-profile joe"
it just prompts me the same feedback as if i typed blat -profile
C:\>blat - -body "test" -subject "test" -to "user at host dot com" -
profile joe
Blat v1.9.4f (build : May 27 2003 09:44:02)
BLAT PROFILE EDITOR
To modify SMTP: blat -install SMTPHost Sender [Try [Port [Profile
[Login name [Password]]]]]
or: blat -smtpinstall SMTPHost Sender [Try [Port [Profile
[Login name [Password]]]]]
To modify NNTP: blat -nntpinstall NNTPHost Sender [Try [Port [Profile
[Login name [Password]]]]]
To delete: blat -profile -delete Profile
Host Sender Try Port Profile
SMTP: myserver myemail ONCE 25 joe JoesRealUserName joesRealPW
changed actual values for security reasons, am i doing something
wrong?
Thanks alot guys i really appreciate this.
My bad. I should have looked it up first. Use "-p joe" for the profile
command. The password option is -pw, not -p.

Sorry.

Chip


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchMobileComputing.com to access over 500 white papers.
Get instant access at SearchMobileComputing.com Today
http://us.click.yahoo.com/ZyjvfD/PLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Tim Musson
2003-06-17 16:11:21 UTC
Permalink
Hey simplydc,

My MUA believes you used eGroups-EW/0.82
to write the following on Tuesday, June 17, 2003 at 11:14:16 AM.

s> Okay, i want to install blat so multiple people can use it, and keep
s> their pw's safe.

s> now, i installed blat just using my host, blat -install host.com


s> now how do i create profiles

s> blat -profile -u newuser -p newpass ?

What version are you using? The current official version is 1.9.4, and
does not support UserID/PW in the registry.
--
Tim Musson
Flying with The Bat! eMail v1.62q
Windows 2000 5.0.2195 (Service Pack 2)
You can't have everything! Where the heck would you put it?
Blat @ www.blat.net


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchMobileComputing.com to access over 500 white papers.
Get instant access at SearchMobileComputing.com Today
http://us.click.yahoo.com/ZyjvfD/PLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Romson Christer
2003-06-18 08:07:22 UTC
Permalink
I want to install blat so multiple people can use it, and keep
their pw's safe.
I hope you are aware that this won't keep the passwords
completely safe. The passwords stored in the registry
are fairly easy to decrypt.

Of course, no matter how you store them, they'll have to be
decrypted by Blat, so all alternative strategies would suffer
from the same problem: the passwords have to be stored
somewhere in a form that can be decrypted by a computer
program without further input.

The passwords get transmitted in clear text to smtp server.
So it's probably not important to keep the storage of the
password super safe. But I thought I ought to mention it.

Christer Romson

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchSecurity.com to access over 500 white papers.
Get instant access at SearchSecurity.com Today
http://us.click.yahoo.com/ayjvfD/QLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Tim Musson
2003-06-18 11:31:52 UTC
Permalink
Hey Romson,

My MUA believes you used Internet Mail Service (5.5.2653.19)
to write the following on Wednesday, June 18, 2003 at 4:07:22 AM.
I want to install blat so multiple people can use it, and keep
their pw's safe.
RC> I hope you are aware that this won't keep the passwords completely
RC> safe. The passwords stored in the registry are fairly easy to
RC> decrypt.

RC> Of course, no matter how you store them, they'll have to be
RC> decrypted by Blat, so all alternative strategies would suffer from
RC> the same problem: the passwords have to be stored somewhere in a
RC> form that can be decrypted by a computer program without further
RC> input.

RC> The passwords get transmitted in clear text to smtp server. So it's
RC> probably not important to keep the storage of the password super
RC> safe. But I thought I ought to mention it.

I would say the "best practice" is to run blat from a .bat files, and
store the files in folders that are only accessible by the person who
owns them.
--
Tim Musson
Flying with The Bat! eMail v1.62q
Windows 2000 5.0.2195 (Service Pack 2)
I'm not crazy, I just have a unique sense of reality.
Blat @ www.blat.net


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchNetworking.com to access over 500 white papers.
Get instant access at SearchNetworking.com Today
http://us.click.yahoo.com/YyjvfD/OLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Chip
2003-06-18 13:39:52 UTC
Permalink
Romson Christer wrote:

<snipped>
Post by Romson Christer
The passwords get transmitted in clear text to smtp server.
So it's probably not important to keep the storage of the
password super safe. But I thought I ought to mention it.
Christer Romson
Passwords are transmitted encoded with base64, not exactly in the clear but
close enough.


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchNetworking.com to access over 500 white papers.
Get instant access at SearchNetworking.com Today
http://us.click.yahoo.com/YyjvfD/OLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
q***@attbi.com
2003-06-18 14:47:37 UTC
Permalink
Lassie saved Romson Christer from the well by barking "RE: [blat] having trouble with the personal editi"
Post by Romson Christer
I want to install blat so multiple people can use it, and keep
their pw's safe.
I hope you are aware that this won't keep the passwords
completely safe. The passwords stored in the registry
are fairly easy to decrypt.
Why decrypt them? running the command

blat -profile

shows the username/password combos in the clear
--
Qe'van the Unclothed, Bard of Nor
http://qevan.home.attbi.com/poetry/
http://texasfilk.home.attbi.com/

... FLW #29: 'I said hit HIM with the fireball, not me!'



------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchNetworking.com to access over 500 white papers.
Get instant access at SearchNetworking.com Today
http://us.click.yahoo.com/YyjvfD/OLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Chip
2003-06-18 18:50:07 UTC
Permalink
Post by q***@attbi.com
Post by Romson Christer
I want to install blat so multiple people can use it, and keep
their pw's safe.
I hope you are aware that this won't keep the passwords
completely safe. The passwords stored in the registry
are fairly easy to decrypt.
Why decrypt them? running the command
blat -profile
shows the username/password combos in the clear
There is some discussion afoot to display "*****" in place of the
username/password when displaying the profile information. This makes it
more difficult for admins to verify the information, but it does offer some
minor level of 'protection.'

What say you folks to this idea?


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchMobileComputing.com to access over 500 white papers.
Get instant access at SearchMobileComputing.com Today
http://us.click.yahoo.com/ZyjvfD/PLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
q***@attbi.com
2003-06-18 19:59:11 UTC
Permalink
We've secretly replaced Chip's regular coffee with "Re: [blat] having trouble with the personal editi"
Post by Chip
There is some discussion afoot to display "*****" in place of the
username/password when displaying the profile information. This makes it
more difficult for admins to verify the information, but it does offer
some minor level of 'protection.'
What say you folks to this idea?
1) If you're going to do that...don't display anything.
2) Even with that...with the username/password in the registry,
anybody on the system can send email as those users..without
having to know username/passwords..

Ed is a mid-level manager for thisdomain.com. Joe works for Ed and hates his guts.
Ed's boss is named Tony.

Ed installs blat 1.94>=e on a system. Joe notices this, logs onto the system under
his own account, runs the blat -profile command. He sees there's a profile named
"ed" and its username/password or notices the asterisks and thinks.. "hmmmm...."

blat - -p ed -to ***@thisdomain.com -subject "Take this job and shove it" -body
"Your mother was a hamster and your father smelt of elderberries!"

In My Humble Opinion: Putting name/password info in the registry where it can be
accessed by anyone on the machine is a bad idea.
--
Qe'van the Unclothed, Bard of Nor
http://qevan.home.attbi.com/poetry/
http://texasfilk.home.attbi.com/

... 'May an unclean yak sit in your sister's chicken soup.'- Karnak



------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchMobileComputing.com to access over 500 white papers.
Get instant access at SearchMobileComputing.com Today
http://us.click.yahoo.com/ZyjvfD/PLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Chip
2003-06-18 21:33:14 UTC
Permalink
Post by q***@attbi.com
In My Humble Opinion: Putting name/password info in the registry
where it can be accessed by anyone on the machine is a bad idea.
It would have to be stored under HKCU instead of HKLM. When Joe logs as
himself, his profile should not have Ed's settings.


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Looking for the latest Free IT White Papers?
Visit SearchNetworking.com to access over 500 white papers.
Get instant access at SearchNetworking.com Today
http://us.click.yahoo.com/YyjvfD/OLNGAA/uitMAA/dkFolB/TM
---------------------------------------------------------------------~->
Continue reading on narkive:
Loading...