| Groups | Blog | Home |
dotnet security : Help : Access denied ???
Dear all,
I have a windows application that can be use by any user. In order to check my applciation least priviledge i nee to be sure that my applciation runs correctly with minimum rights. One phase of my appliction is that it store some log information in a file whatever the user logged in. For that I store the log file under "Application.CommonAppDataPath", as it name explain, its Common. Common to every use yes but not for writing unless you are an administrator. Storing it under Application.LocalUserAppDataPath will generate one log file for every new user. This is not what I want. What is the best way tohandle that situation ? regards
Lets replace the Log file by a database for instance.
That database contains the application configuraton setting based on loged in user. So each user is free to modify through a UI its application settings which get store to that database. The database is then common and unique for the whole application and every user. Actually that database is installed with my application deployemen package under Program File folder. Then a normal user to dot have write access under sub folders. If I need to share the database location to be read and write access for every user do I have to define the user right during my application deployement or do it manually ? What is the best ? regards serge [quoted text, click to view] "Dominick Baier [DevelopMentor]" wrote:
> users are isolated by default under windows - the only writable locations > for normal users is the profile - if you want a shared directory for all > users you must create that manually and ACL it accordingly. > > --------------------------------------- > Dominick Baier - DevelopMentor > http://www.leastprivilege.com > > > Dear all, > > > > I have a windows application that can be use by any user. In order to > > check my applciation least priviledge i nee to be sure that my > > applciation runs correctly with minimum rights. > > > > One phase of my appliction is that it store some log information in a > > file whatever the user logged in. For that I store the log file under > > "Application.CommonAppDataPath", as it name explain, its Common. > > Common to every use yes but not for writing unless you are an > > administrator. > > > > Storing it under Application.LocalUserAppDataPath will generate one > > log file for every new user. This is not what I want. > > > > What is the best way tohandle that situation ? > > > > regards > > serge > >
users are isolated by default under windows - the only writable locations
for normal users is the profile - if you want a shared directory for all users you must create that manually and ACL it accordingly. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > Dear all, > > I have a windows application that can be use by any user. In order to > check my applciation least priviledge i nee to be sure that my > applciation runs correctly with minimum rights. > > One phase of my appliction is that it store some log information in a > file whatever the user logged in. For that I store the log file under > "Application.CommonAppDataPath", as it name explain, its Common. > Common to every use yes but not for writing unless you are an > administrator. > > Storing it under Application.LocalUserAppDataPath will generate one > log file for every new user. This is not what I want. > > What is the best way tohandle that situation ? > > regards > serg
or you could use some standard logging mechanism, like EventLog
--------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > Dear all, > > I have a windows application that can be use by any user. In order to > check my applciation least priviledge i nee to be sure that my > applciation runs correctly with minimum rights. > > One phase of my appliction is that it store some log information in a > file whatever the user logged in. For that I store the log file under > "Application.CommonAppDataPath", as it name explain, its Common. > Common to every use yes but not for writing unless you are an > administrator. > > Storing it under Application.LocalUserAppDataPath will generate one > log file for every new user. This is not what I want. > > What is the best way tohandle that situation ? > > regards > serge
well - you can always set up a directory during deployment and ACL it appropriately
- the System.Security.AccessControl namespace provides everything to do that programmatically. --------------------------------------- Dominick Baier - DevelopMentor http://www.leastprivilege.com [quoted text, click to view] > Lets replace the Log file by a database for instance. > That database contains the application configuraton setting based on > loged > in user. > So each user is free to modify through a UI its application settings > which > get store to that database. The database is then common and unique for > the > whole application and every user. > Actually that database is installed with my application deployemen > package under Program File folder. Then a normal user to dot have > write access under sub folders. > > If I need to share the database location to be read and write access > for every user do I have to define the user right during my > application deployement or do it manually ? > > What is the best ? > > regards > serge > "Dominick Baier [DevelopMentor]" wrote: > >> users are isolated by default under windows - the only writable >> locations for normal users is the profile - if you want a shared >> directory for all users you must create that manually and ACL it >> accordingly. >> >> --------------------------------------- >> Dominick Baier - DevelopMentor >> http://www.leastprivilege.com >>> Dear all, >>> >>> I have a windows application that can be use by any user. In order >>> to check my applciation least priviledge i nee to be sure that my >>> applciation runs correctly with minimum rights. >>> >>> One phase of my appliction is that it store some log information in >>> a file whatever the user logged in. For that I store the log file >>> under "Application.CommonAppDataPath", as it name explain, its >>> Common. Common to every use yes but not for writing unless you are >>> an administrator. >>> >>> Storing it under Application.LocalUserAppDataPath will generate one >>> log file for every new user. This is not what I want. >>> >>> What is the best way tohandle that situation ? >>> >>> regards >>> serge
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
| home · blog · groups | Questions? Comments? Contact the dn |