|
security
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Help : Access denied ???Dear all,
I have a windows application that can be use by any user. In order to check my applciation least priviledge i nee to be sure that my applciation runs correctly with minimum rights. One phase of my appliction is that it store some log information in a file whatever the user logged in. For that I store the log file under "Application.CommonAppDataPath", as it name explain, its Common. Common to every use yes but not for writing unless you are an administrator. Storing it under Application.LocalUserAppDataPath will generate one log file for every new user. This is not what I want. What is the best way tohandle that situation ? regards serge users are isolated by default under windows - the only writable locations
for normal users is the profile - if you want a shared directory for all users you must create that manually and ACL it accordingly. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com Show quoteHide quote > Dear all, > > I have a windows application that can be use by any user. In order to > check my applciation least priviledge i nee to be sure that my > applciation runs correctly with minimum rights. > > One phase of my appliction is that it store some log information in a > file whatever the user logged in. For that I store the log file under > "Application.CommonAppDataPath", as it name explain, its Common. > Common to every use yes but not for writing unless you are an > administrator. > > Storing it under Application.LocalUserAppDataPath will generate one > log file for every new user. This is not what I want. > > What is the best way tohandle that situation ? > > regards > serge Lets replace the Log file by a database for instance.
That database contains the application configuraton setting based on loged in user. So each user is free to modify through a UI its application settings which get store to that database. The database is then common and unique for the whole application and every user. Actually that database is installed with my application deployemen package under Program File folder. Then a normal user to dot have write access under sub folders. If I need to share the database location to be read and write access for every user do I have to define the user right during my application deployement or do it manually ? What is the best ? regards serge Show quoteHide quote "Dominick Baier [DevelopMentor]" wrote: > users are isolated by default under windows - the only writable locations > for normal users is the profile - if you want a shared directory for all > users you must create that manually and ACL it accordingly. > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > > > Dear all, > > > > I have a windows application that can be use by any user. In order to > > check my applciation least priviledge i nee to be sure that my > > applciation runs correctly with minimum rights. > > > > One phase of my appliction is that it store some log information in a > > file whatever the user logged in. For that I store the log file under > > "Application.CommonAppDataPath", as it name explain, its Common. > > Common to every use yes but not for writing unless you are an > > administrator. > > > > Storing it under Application.LocalUserAppDataPath will generate one > > log file for every new user. This is not what I want. > > > > What is the best way tohandle that situation ? > > > > regards > > serge > > > well - you can always set up a directory during deployment and ACL it appropriately
- the System.Security.AccessControl namespace provides everything to do that programmatically. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com Show quoteHide quote > Lets replace the Log file by a database for instance. > That database contains the application configuraton setting based on > loged > in user. > So each user is free to modify through a UI its application settings > which > get store to that database. The database is then common and unique for > the > whole application and every user. > Actually that database is installed with my application deployemen > package under Program File folder. Then a normal user to dot have > write access under sub folders. > > If I need to share the database location to be read and write access > for every user do I have to define the user right during my > application deployement or do it manually ? > > What is the best ? > > regards > serge > "Dominick Baier [DevelopMentor]" wrote: > >> users are isolated by default under windows - the only writable >> locations for normal users is the profile - if you want a shared >> directory for all users you must create that manually and ACL it >> accordingly. >> >> --------------------------------------- >> Dominick Baier - DevelopMentor >> http://www.leastprivilege.com >>> Dear all, >>> >>> I have a windows application that can be use by any user. In order >>> to check my applciation least priviledge i nee to be sure that my >>> applciation runs correctly with minimum rights. >>> >>> One phase of my appliction is that it store some log information in >>> a file whatever the user logged in. For that I store the log file >>> under "Application.CommonAppDataPath", as it name explain, its >>> Common. Common to every use yes but not for writing unless you are >>> an administrator. >>> >>> Storing it under Application.LocalUserAppDataPath will generate one >>> log file for every new user. This is not what I want. >>> >>> What is the best way tohandle that situation ? >>> >>> regards >>> serge or you could use some standard logging mechanism, like EventLog
--------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com Show quoteHide quote > Dear all, > > I have a windows application that can be use by any user. In order to > check my applciation least priviledge i nee to be sure that my > applciation runs correctly with minimum rights. > > One phase of my appliction is that it store some log information in a > file whatever the user logged in. For that I store the log file under > "Application.CommonAppDataPath", as it name explain, its Common. > Common to every use yes but not for writing unless you are an > administrator. > > Storing it under Application.LocalUserAppDataPath will generate one > log file for every new user. This is not what I want. > > What is the best way tohandle that situation ? > > regards > serge 
Other interesting topics
Need advise...
Import SIMPLEBLOB session key into .NET? [assembly: SecurityPermission] question Trust relationship exception Bad Data with DES Decryption Active Directory and ASP.NET 2.0 permission for socket access https and httplistener Microsoft CryptoAPI CSP Availability SignedXml, X509Certificate2 and certificates with *Strong* protection |
|||||||||||||||||||||||
