What is Environ?
Environ uses standard environment variables! This are the ye olde style dos variables you can see using the "set" command.
To see these click start, run and type in "cmd" and press enter. This will open a black MS-DOS stylie command window, with a C:\> prompt (or similar!)
If you type "SET" you will then get a list of Environment variables including the old "PATH" variable.
What options?
In the list you will probably see the familiar USERNAME and COMPUTERNAME, along with ones like:
ALLUSERSPROFILE=C:\Documents and Settings\All Users
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MYBIGFATTOWER
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=H:
HOMEPATH=\
HOMESHARE=\\MyServer\home_22$\MyUserName
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\system32
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\MyUser~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MyUser~1\LOCALS~1\Temp
USERDNSDOMAIN=ME.FRED.COM
USERDOMAIN=ME
USERNAME=MYUSERNAME
USERPROFILE=C:\Documents and Settings\MyUserName
windir=C:\WINNT
These are variables which are accessible by Name or by Number order.
Where do they come from?
Most of these values are set at startup by the windows login scrips etc, but you can set you own by using the SET command...
e.g. SET USERNAME=BINGO
Sandbox Mode?
Why they arn't always safe: You could embed rather nasty commands into an environment variable, for example someone could change their USERNAME variable so that if you used it in an SQL statement it would delete all the users or change the admin password to something of their choice. (Basically the standard SQL injection techniques!)