I'm creating a new database application using C# and MS-Access, I want to make the database file ONLY accessible for (read/write) operations from within my application so that the user haven't the ability to open the file from outside the application but the application has the full access to the database file, Or may be a better way is to make this permission for the root folder of the database.
Someone may ask "Why don't you just set a password for the database?"
My reply is that I want the root folder completely inaccessible and therefore the user won't know the database type I'm using because I will change the file extension for it.
As far as I know that the Windows OS uses the NTFS permissions -Groups- to make a folder accessible only for a set of groups like (Trusted Installer, System, Users,...)
Can I Achieve my goal using NTFS Permissions, or may be there is a better way to handle this?
I added fixed length encrypted bytes to the start of file using low level file read write operations and my app upon execution removed the bytes and had given me the actual file and I blocked the starup menu and short cuts keys and context menus using windows api so only my app had access to it plus I enabled windows stuff upon app termination and encrypted database again so it was unreadable for another access enabled app.
Related
I am using Properties.setting.default.var to permanently store a value in a C# application on the same PC.
Now I am facing a problem that when I save the value but copy the application to another PC, the permanent value does not remain. Does the properties.setting trick not work in this scenario? If yes? Please advise the solution.
You need to get the settings stored in location that is accessible by all devices you plan to run your program on.
You can either
make sure current location of the settings file is synchronized between all devices - this way you can keep your existing code. You can sync files via roaming profiles in Windows Domain, by letting some file share synchronization tool to sync that file - i.e. OneDrive, by just manually copy file or any other way you can find.
write settings file yourself to shared location which can be accessed by all devices - pretty much any service that allow to upload data would do. Some will allow authenticated access so you can limit settings to particular user (OneDrive, GoogleDrive,...), some some form of anonymous/semi-authenticated uploads (which make personalized settings a bit harder and make them public for all to see). You may still be able to use some of the existing code but likely getting your settings in JSON format and uploading would be easier.
My Simple C# application contains a settings window. It actually prompts to set or reset password. Currently, I'm saving these preferences using database and displaying it accordingly during next logon.
I wonder if there could be an easy way to make the application remember those preferences when we open it for the next time.
Possible?
There are several ways to save preferences. You can use the built-in settings system through Properties.Settings.Default.yoursetting, you can use IsolatedStorage System.IO.IsolatedStorage, you could simply write a file to the application directory, you could save it in the registry by creating your own registry key. If you want something easy and simple, use the built-in settings by going to the solution explorer, open up the Properties folder and double-click on Settings.settings. Add the settings fields you want and you can access them through Properties.Settings.Default.yoursetting
if it is a normal preference or if you don't really care if someone can just read the user's credentials and use it then it's fine to store it in a config file somewhere. You can also choose to encrypt the credentials and store it some where. However, I would rather use the windows' build in credential manager to store log on information the same way TFS does for example.
"Control Panel\All Control Panel Items\Credential Manager"
storing-credentials-in-credential-manager-service
First thing to do is to have a clear understanding of your settings:
I will summarize how I usually categorize the options of an application.
I call them "DomainOptions", "MachineOptions" and "UserOptions"
DomainOptions are settings that define the behaviour of your application for every user and from whichever machine they run the app. These setting should obviously stored in the shared database and just a restrict number of users should be able to modify them (I.E. the uri of a web service, the shared folder for application data, the fixed tax value required by your local regulations and so on)
ApplicationOptions are settings that define the behaviour of your application when it is started by a specific machine. Think, for example to a machine that has VPN connection and need to authenticate before running the app. These settings could be stored in the app.config or other local storage (avoid at all cost the REGISTRY), but keep in mind that if you need to change these values at runtime you can't write them in the configuration files for the Application section because it is read only at runtime. In this case I suggest to write your own class to store some sort of XML files in your common application data directory (Environment.SpecialFolder.CommonApplicationData + yourappfolder)
UserOptions are settings that every user could personalize like colors, window positions, accessibility parameters and so on. These could easily stored through the configuration files (User section) because they are modifiable by every user. However, if you have also a class to store the ApplicationOptions it is trivial to implement a variation to store these settings in the Local application data. (Environment.SpecialFolder.ApplicationData + yourappfolder)
I'm developing a small application using C# that
will run as a service
will monitor (uses FileSystemWatcher) and log the changes made to files under a certain directory say C:\
I'm able to achieve the above things, below are the things i'm looking for pointers/suggestions
if some one accesses (with or without admin previlege) my machine ( using Run command and passing input as \ \mysystemname\C$) and creates/deletes/modifies files under the directory, then how should i can get the user id of the account. For example if i use System.Environment.UserName then it gives my user name.
Is it possible to monitor the above scenario if so can any one provide me pointers.
If this is tracking remote file access to a shared drive, you might want to check out this open source project: http://www.codeproject.com/Articles/62357/Monitoring-Access-to-Your-Shared-Files-on-Network
Browsing through the code I don't see exactly how the username is retrieved, but the app looks to have the features you need.
I'm working on a WPF application right now in C#, and I need to be able to save some images. These images need to be saved into a directory that the user that's currently logged in doesn't have access to without some administrative privileges (essentially, to control the security on what images are being saved to that directory).
How can I set up such security permissions? Is there some directory that I can add subdirectories to with these images inside?
Normally, I would try to post some code in example to what I have. I'm not entirely sure where to begin with this problem, though.
As Andrew already told in his comment you should really best start with a service. This will run under another account (normally System, but you can change this within the control panel). To start with this a service is in the first step nothing more than any other normal process. So to get a connection between the user application and the service you can use any inter-process communication as you like.
The only difference between a normal application and a service is that the service will be started and managed through the service manager and thous needs to derive from ServiceBase. Also maybe this Walkthrough might help you to start.
Default context for all non-user programs is system which it available to you via service programming and you are not familiar with it. A hack would be logging into another account (i.e administrator) and run the program in that context which is not possible on all windows versions and I believe doesn't worth the resources it cost and also is a security risk.
Another solution would be encrypt your application data and store it somewhere.
My problem is I have a LOB application that can possibly save multiple files (number of files only known at runtime) based on user inputs. Saving this as a single file and having the user break them apart, or zipping them up as a single file is not an option unfortunately.
SaveFileDialog seems suited to only save 1 file at a time. Third party controls may be an option but I have yet to find any that serve this purpose. Thanks!
The browser security model guidelines (outside of Silverlight) prohibit web application logic (script or otherwise) from having direct access to the local file system.
Consider what havoc a malicious web site could wreak on your computer if web application script could write arbitrary files to arbitrary locations on the local hard disk!
For this reason, Silverlight isolates your code away from the local file system. Silverlight manages the Open File or Save File dialogs, but your web app code never gets to see the full path of the file names directly for security reasons. The Silverlight dialog only supports working with one filename / path at a time.
Silverlight does offer isolated storage on the local machine in which your web app could write multiple files. However, as noted in comments, isolated storage is isolated in both directions - it keeps the web app isolated from the local file system, and that makes it difficult for the end user to access the contents of the isolated storage outside of the browser. (Difficult enough to make it infeasible for nontechnical users, but not difficult enough to call isolated storage "secure" from malicious snooping).
Short of writing your own native executable browser extension (for each different browser brand and version you wish to support) (or non-sandboxed javascript plugin for some browsers), I don't think there is a way for a web app to push data into multiple local files convenient to use outside of the browser in one user action.
Since this is an LOB in the intranet zone have you considered asking your users to install the app as OOB with Elevated trust. This would allow you to write files to the users Documents folder without the SaveFileDialog.
The other option is to zip the files with a single SaveFileDialog call.
There are no other Silverlight oriented solution.