Hi there security guru!
I have a simple question that boggles my mind. I have written a VB6
application that creates a file on a fileserver. Obviously, the user has
sufficient security rights to launch the application, which in turn has
enough security rights to create and alter that file. Once the file has been
created, the application itself does not allow the user to delete it and all
changes to it are recorded in the file itself.
My problem is that I want to restrict the user to alter or delete the file
created by this application using anything but the application itself (e.i.
if the user tries to delete the file using the explorer or any other tool,
she should get an Access denied error). This looks like a classical Catch-22
to me, have I overlooked the obvious?
Some extra info: the app runs on Windows Workstation NT4 (still!) and I'm
not afraid of using some Windows API functions.
Any thoughts?
Thanks for using your brain!
2  943 
Oops,
Happens all the time I guess, posted this to the DotNet VB group. My
mistake, please ignore, I will repost this to the vb.general.disc ussion
group.
"LJ" <do@not.use> wrote in message
news:uo******** ******@TK2MSFTN GP14.phx.gbl... Hi there security guru!
I have a simple question that boggles my mind. I have written a VB6
application that creates a file on a fileserver. Obviously, the user has
sufficient security rights to launch the application, which in turn has
enough security rights to create and alter that file. Once the file has
been created, the application itself does not allow the user to delete it
and all changes to it are recorded in the file itself.
My problem is that I want to restrict the user to alter or delete the file
created by this application using anything but the application itself
(e.i. if the user tries to delete the file using the explorer or any other
tool, she should get an Access denied error). This looks like a classical
Catch-22 to me, have I overlooked the obvious?
Some extra info: the app runs on Windows Workstation NT4 (still!) and I'm
not afraid of using some Windows API functions.
Any thoughts?
Thanks for using your brain!
"LJ" <do@not.use> schrieb: I have a simple question that boggles my mind. I have written a VB6
application
Notice that this is a VB.NET group. For VB6-related questions, consider
posting to one of the groups in the microsoft.publi c.vb.* hierarchy.
--
M S Herfried K. Wagner
M V P <URL:http://dotnet.mvps.org/>
V B <URL:http://dotnet.mvps.org/dotnet/faqs/> This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Mike Cox |
last post by:
After writing an article trashing java, and C++, notable LISP guru
Paul Graham is getting roasted on slashdot. Apart from AutoCAD and
Emacs, what has LISP done anyway? Most real work is done in C++ or C
in the case of systems development. Perl is useful, but only for
dynamic web content or simple sysadmin scripts. Most slashdotters
think the same!
Some are comparing Graham to Eric S. Raymond for his snobery. LISP's
era ended when...
|
by: Mike MacSween |
last post by:
S**t for brains strikes again!
Why did I do that? When I met the clients and at some point they vaguely
asked whether eventually would it be possible to have some people who could
read the data and some who couldn't but that it wasn't important right now.
And I said, 'sure, we can do that later'.
So now I've developed an app without any thought to security and am trying
to apply it afterwards. Doh!, doh! and triple doh!
|
by: Chris Bazalgette |
last post by:
I'm in the process of getting to grips with ASP .Net, and have run into
a problem without an obvious solution. I've added some C# code to write
errors to the event log, and that compiles fine. But when run, the
application doesn't have permission to access the registry, and a
security exception is raised.
Now I know that the answer lies somewhere in the .NET configuration
panel, but I've no idea where. I've tried a few things, but got...
|
by: Aidan |
last post by:
Hi PHP guru's,
I've been working on creating a PHP formmail script. I have a working
version, but I'd like to get feed back on what security holes I may have
opened, and what I could do better. Here's the code:
<?php
// $to - set this to where form contents should be sent
$to = 'someone@somewhere.com';
|
by: Scott |
last post by:
I've been trying to come up with a way to ensure user input is coming
from the form on my site, and not auto-submitted from elsewhere, and I
don't want to use the "enter the code shown in the image" method. I know
the $_SERVER contents can be spoofed, so I thought of
doing something similar to this:
<?php
session_start();
$code = mt_rand(0,1000000);
$_SESSION = $code;
| | |
by: Michael Suess |
last post by:
Hi,
please feel free to correct me if this is the wrong group to ask this
question. I have a blog about parallel programming and concurrency
(http://www.thinkingparallel.com if you are interested). I would like to do
some interviews with the so-called "parallel programming gurus" of our time
and ask them only 10 short questions about their particular parallel
programming system. I have come up with the following list of people (in no...
|
by: Singulus |
last post by:
Hello all,
I've searched for similar threads, I've found some bit of useful info
here and there, but nevertheless I want to post my questions...So, how
can I (we, in fact the forum can benefit from the discussion, this is
the point here) become C++ gurus?
I have 5 years of working experience with C/C++, I know that this can
be very ambiguous thing, but anyway...I've come to the point where I
want to structure and organize my further...
|
by: stevenjs |
last post by:
Greeings, all,
Flash 8 has quiz templates which are coded for multiple choice, true/false, text statement, and matching types of questions, along with hotspots and probably anoher type I am forgetting. The test taker makes their selection(s) or answers, and clicks a "check answer" button. They then get a feedback statements depending on whether they have answered correctly or not. Many questions involve multiple selections to be correct, but...
|
by: Andrey |
last post by:
Hi,
I will be hiring a php guru to help us architect a highly scalable web
site/web application; the problem is I am coming from Microsoft .NET
world and not too much familiar with the platform.
What kinds of questions would you advice to ask the person on the
interview to see if he/she is:
1. Proficient with php
2. Proficient with MySQL (development, maybe some administration)
3. Has web app architecture skills and knows how to build...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
