Limiting Command Line Executable

Good Day,

I have an MS Access (Access 2000 now upgraded to 2003) database that
tracks customer information. One function of this database is to
create an encrypted license file for our software, which is then
emailed out to the customer. The encryption string is based on
information in the database and can only be generated by executing a
DOS command. This is done from within the database by clicking a
button on a form that triggers a bunch of VBA code that culminates in
running the DOS command -- that command ends up being something like
"C:\Tools\encrypt C:\licenses\customerABCD.txt." This all works fine
and it runs on a Windows XP Pro PC. That it works at all is largely
due to research on this and other newsgroups.

The current problem is that we've now hired an intern that I'm not
completely comfortable with. I want this intern to be able to create
licenses from within the database by clicking the button, but I do not
want him to be able to use the encryption routine from the command line.
The reasoning here is that there are certain safeguards (a maximum
valid time, for example) placed on the licenses that can be created in
the database, but if executed from the command line, any license could
be created. Certainly I can take away command line access (by removing
privileges to cmd.exe), but this also breaks the VBA command line
execution. Also of note, the intern will be accessing the PC with the
database using only Remote Desktop (over a VPN) as he will be in a
different office and using the database is the only reason the intern
will be on this machine - I plan to lock down his account as much as
possible.

Any suggestions?

Can I make the database run as System (instead of running as [Intern],
for example)?

Could I create a new local user with very limited permissions --
no rights to log on, for example -- but who has execute privileges on
the encryption program and have the database (or at least its
encryption function) execute under that username? If I use "Runas"
with the "/savecred" switch in a shortcut, will the saved credentials
be available at other times?

Thanks for your help.

Nov 13 '05 #1
On 10 Jul 2005 17:19:21 -0700, ra**********@earthlink.net wrote:

Handling the most sensitive code a company has, should be left to the
most trusted people in that company. How in the world did you get the
idea of assigning this task to an intern you don't fully trust?

You might be able to eliminate the command line interface and then
further lock down your app, but why try to finesse it, with a chance
your imagination is not as good as the intern's?

The other thing you can do is swing over all the way to the other
side, and assign the task to the most computer-illiterate person in
the company. That strongly reduces the risk that the expanded
privileges will be used incorrectly.

-Tom.

Nov 13 '05 #2
Have you tried to remove batfiles in a GPO? Also disable the scripting in
that same setting. Just check if it works. If it doesn't I will see if
there is something else I can think of.

-Steven-
Nov 13 '05 #3
Tom,
Thanks for the reply -- reassignment of the task was not my idea and
is a stopgap measure while I port the application to SQL Server with a
web interface. My question is perhaps more appropriately a Windows
security issue and so I've cross-posted there.
--Randy

Nov 13 '05 #4
Yes, you are on the right lines there of running the database as a
different user. What I believe you need to do is make another user
account, which is basically going to be totally redundant; it will only
be used for running the database. The problem is, even with the runas
command, you can't just enter the user's password in the command line
like you can with good OS’s; no, you're prompted for it, which makes
automated startup of different programs difficult. The best way I can
see is if you write a small Visual Basic program that utilises the
shell command, so it would be something like (for example)
shell("runas /user:luke calc"). This would attempt to start Windows
Calculator as user luke. Unfortunately, you cannot enter the password
for the user on the command line, so somehow you are going to have to
pass the user's password to the newly opened shell console (command
prompt) so that the password is entered automatically.

Nov 13 '05 #5
Of course, after you have got the program running as a different user,
you then have to sort out the NTFS permissions so that that user can
read and write to the necessary files, but your intern cannot.
Nov 13 '05 #6
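
The NTFS permission setup described in the last reply, as an added example that is not part of the thread. It assumes a dedicated local account named licsvc, an intern account named intern, and that the tool quoted in the question is C:\Tools\encrypt.exe; all three names are placeholders.

```bat
@echo off
rem Added example, not from the thread. Assumed names: dedicated account
rem "licsvc", intern account "intern", tool at C:\Tools\encrypt.exe.
rem Run from an administrator command prompt on the XP machine.

rem Create the dedicated local account. "*" makes net user prompt for the
rem password, so it never appears in this script.
net user licsvc * /add /comment:"Runs the license encryption tool"

rem /E edits the existing ACL instead of replacing it.
rem Allow the dedicated account to read and execute the tool.
cacls C:\Tools\encrypt.exe /E /G licsvc:R

rem Explicit deny for the intern. A deny entry wins over any allow he
rem would otherwise pick up through group membership such as Users.
cacls C:\Tools\encrypt.exe /E /D intern

rem License output folder (/T recurses): the dedicated account may create
rem and change files, the intern gets no access.
cacls C:\licenses /T /E /G licsvc:C
cacls C:\licenses /T /E /D intern

rem Print the resulting ACLs so they can be reviewed.
cacls C:\Tools\encrypt.exe
cacls C:\licenses
```

These ACLs only cover the file-permission half of the suggestion. If the database is started with runas /savecred, the saved credential is not tied to that one shortcut and remains usable for other programs run as the same account, so it does not by itself confine the intern to the database button.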
