Guest
I built a Database application using .NET 2.0 that used Access as its DB
backend for a library. Initially, the application was meant to support only
routine tasks of the library staff, and was not available to the public.
However, it has been so successful that the library has decided to allow
people to use it for searching the library books.
Although security mechanisms were built into the application right from
scratch, the file-serving nature of Access poses a problem. Due to its
file serving nature, an Access database needs to be available in a shared
network folder, for allowing clients to access it.
And here's the catch. A mischievous person can use Explorer etc. to directly
access the database. Although I can add a $ to the network name of the shared
folder to prevent it from being shown in Explorer, that does not prevent
one from entering the path directly, in case he comes to know about it somehow.
Now, with what I know of Windows & .NET security mechanisms, I have found
one way to prevent this. I can create a Guest account on clients, & use
gpedit to deny it all Network permissions except for .NET applications.
Next, I can configure .NET to deny Network access to all but my application.
Will this work in restricting Network access from clients to just my
application? If yes, how can I accomplish these tasks (the Windows part, I
can tweak .NET security using caspol.exe)? Is there a better solution?
Someone told me that application-based security is not available with
Windows. I would at least like to restrict Explorer's access to Network
completely, as that's the most common interface to Network for users. If
that's also not possible, complete explorer deny on clients can also be an
option. In addition, the Guest account can be made to have read-only access to
the local disk also, thus denying them the ability to install any other
application to access the Network.