Problems with security issues

  • Thread starter Thread starter Steve Sargent
  • Start date Start date
S

Steve Sargent

Hi:

I'm writing an application that connects to a server and downloads and
stores files in subdirectories of the application's folder.

This has worked fine...up until I tested the application on an XP
limited account. It didn't work on the limited account. One of the
first thing my client does is to create a log file to store various
errors and messages. If I start up the application for the first time
in the limited account, it refuses to let me create the file.

My client also stores files from the server for quick access in later
retrievals. I would imagine this won't work either.

How do I make my application able to store files while in a limited
account? I've only been writing C# for about 6 months now, so there
are a lot of topics I haven't yet learned about.

Right now, my application stores the files in directories based on
settings in the app.config file from within the app's directory.
Based on the app's directory, the relative paths are appended to the
app's current directory, and that is where all the logs and stored
files go. Up to now, this has worked. If this isn't possible for
limited accounts, what method should be used?

I know alot of programs have personal settings based on the user. I
don't really know how they do that; so, if this is needed, could
someone guide me to a resource that covers programming per user.

Thanks in advance for any help provided.

Steve
 
Are you getting "Access is denied" exceptions, or something else?

If it's access denied, then you have to grant your application identity
access rights to the folders you want to use (or, use folders you already
have access rights to).

Nick Holmes.
 
I am getting "Access is denied" exceptions.

I am writing an msi installer, so this will be used by people with
varying access rights. Of course, it will need to be installed by
someone with admin rights, but I would imagine it would also be used
by users with limited access.

How do you grant an application access rights. Is that done in the
installation? I've skimmed over some of the topics in the MSDN on
security, but haven't quite gotten how that works. If an application
asks for specific rights, is that kept by the computer, or does the
app have to keep asking for those rights? To me, I don't see how that
would help, since the first time a limited account used the
application, it would fail. But I'm sure I'm probably missing
something in this.
 
Your application can only do what your user has permissions to do. You can't
have the application expand it rights beyond this, programmatically (that
would not be at all secure).

So, if you application requires certain permissions setting up, they you'll
need to describe these in the installation manual, and have the sys admin
sort it out before installation. You can set up file ACLs via Explorer, for
example.

Nick Holmes.
 
Having a program that can only can go past the rights of the user
seems to me to be overkill. It would prevent a whole line of
applications from being written. Granted, I shouldn't be able to
write a program that any user can access that can modify files on the
system. But at the same token, some legitimate acceptions to that do
occur. Some programs need to have stronger access rights.

Web browsers, for example, obviously needs to be able to save files
to the hard drive for it's temporary internet cache...and surprisingly
enough, they can. A newsreader program needs to save files on the
hard drive so that the user can reread those files at a later time.
Mail programs are similar. And these programs usually have settings,
as well, for the users.

If I have a limited account, these programs obviously are storing
these files somewhere. The question is where and how.

Along these lines, if I end up having to have custom configurations
per user, is there a standard config file to hold these. This
definitely, in my opinion, limits some of the uses for the app.config
file.


Although I haven't looked yet, I'm sure there are ways to get the
environmental variables holding the current user's identity, as well
as the directory in which they store their files. I just don't know
what those variables are, or which configuration file to use to access
these files.


One idea. Is it possible to programmatically setup a union of
permissions durring the installation. Since only an admin can
install, this would ensure that these settings would be done
legitimately.I don't know the specifics, but I would probably want to
setup the permissions based on the strong name of the application.

I would also probably want to remove the permission during uninstall.

During install, I could use the target path as the base class for the
file io permissions. Then, within the app, I could test for
permissions against the current directory at startup of the
application.
 
Back
Top