Is there a way to determine what (and where) in my code is causing certain capabilities to be required?
When I run CapabilityDetection.exe against my bin folder it comes up with:
ID_CAP_MEDIALIB
ID_CAP_NETWORKING
ID_CAP_PHONEDIALER
ID_CAP_WEBBROWSERCOMPONENT
ID_CAP_IDENTITY_USER
ID_CAP_MEDIALIB indicates that you're accessing the media library somewhere, but I've seen this reported incorrectly a lot. ID_CAP_NETWORKING means you're accessing a data connection at some point, ID_CAP_PHONEDIALER means that you're making a phone call, ID_CAP_WEBBROWSERCOMPONENT means that you've go the WebBrowser control on at least one page. I don't think I've ever seen these reported in error. ID_CAP_IDENTITY_USER means that you're using the anonymous Windows Live ID for user identification, which is typically the case when you're using a third party analytics solution such as mtiks or Flurry.
There's a list of the various capabilities on MSDN. Generally speaking, if you don't think you're using a particular capability, take it out, and then check that your application still runs as expected.
Related
I have a windows service written in C# running on a machine and it creates and uses a number of files. Is there a way to prevent a user on the machine, administrators included, from messing with these files(moving, editing, renaming, deleting) from the code?
I know that StreamWriter can achieve this, but I don't want to keep the files open all the time without the need to actually access the data in them, but I can't seem to find any other way.
EDIT: Let me rephrase the question base don the comments below. Is there a way to setup ACL in a way that only my service can access the files? I would also accept if only services could access the files(I have seen mention of All Services security group in Microsoft Docs but I can't seem to actually find it on the system or in .net).
You can do it changing access privileges BUT I strongly suggest to simply keep them open (just be careful to flush the stream after each batch write).
In the first part I try to address directly your question ("How to prevent...") but in the second part I tried to outline a different approach (make your application resilient: keep a backup).
How to prevent...
Assuming that you're running on Windows to avoid other users to mess with them you should:
Set the hidden attribute. By default hidden files are hidden and many users won't even see them. If you can do it at directory level then even better.
Change ACL to deny Full access to Users and Administrators group. Better if you cherry pick and just leave Read permissions. By default Windows pick the most restrictive policy, even when an user belongs to two group, then this will effectively stop everyone to write that file (if you deny also Read permissions then they won't even be able to see its content but see later).
Create a special group (with the required permissions, and only those) with one single user. Be sure that user isn't automatically added to the Users group.
Change your application to impersonate that user when writing those files. If you left the Read permissions in-place then code for reading isn't affected.
Don't forget to check with different versions and editions of Windows (HomeUsers keep bouncing in my mind.) If your application is a Windows Service then things may be slightly easier, see eryksun's comment.
You can experiment with all these things simply using Windows Explorer, just find the right balance but don't forget that each single installation is a different world and only God knows what the environment is (but he doesn't know why).
Few obvious drawbacks:
An administrator can ALWAYS do what he wants then they may find those files and revert permissions. I think (I'm not sure) that System Installer has some special privileges to prevent this but I'm not sure (and I can't imagine how to do it).
Installation is way more complicate (and you will need one if you don't have). You may do it when application is executed first time but then you will need administrative privileges (just once but probably worse.)
Your code is more complex.
More setup means more things that may go wrong, balance this with the effort of your technical support team.
Updates (and tech support job) will be more complicate.
Users with certain privileges won't be affected (see another comment) but this is really a good thing and you shouldn't every try to circumvent it.
Backup is the key!
Don't forget that if they really want to break your application then they will just delete the application directory...
I think, but I don't know your specific use-case, that maybe you're approaching the problem from the wrong angle. If what you want to prevent the user to corrupt your data files (intentionally or not) then what you need is a BACKUP. Save a copy in a different location each time your write them, mark it as hidden and live happy. If they're not too big you may even save content directly inside Windows Registry. For encrypted/hashed/checksummed files your application can easily detect when they're broken or missing: just restore backup and you're done.
I don't want to keep the files open all the time
But keeping them open is a good way that closely follows your intent and requirements.
As long as it's not about hundreds or more, this seems the best option.
The other way is to set the security properties (ACL) but that is messy and requires a higher privilege.
Excluding the Admin is not totally possible and you should not really want that. Avoiding accidental delete or rename is doable, total control is not.
2 Other options are
Set some permissions in the locations here the files are so that no one can access them
If all of the files in question will be created by your application, you could check the options in CreateFile, where you can set the sharing options to 0x00000000 to "Prevent other processes from opening a file or device if they request delete, read, or write access."
If you want to use CreateFile I guess you will have to pinvoke it
I have a site hosted on Appharbor (free version), and then have the NewRelic free add-on. I setup the availability monitoring to go against my homepage.
Now, I'm getting a bunch of errors because my REST api page is returning errors. I want NewRelic to completely ignore this page.
How do I have NewRelic ignore this page?
It sounds like you want to investigate DisableBrowserMonitoring() in the New Relic .NET agent API.
If you only want to turn off the RUM feature for some applications (app/website being monitored) you can use the DisableBrowserMonitoring() in the New Relic .NET agent API mentioned above. This disables the automatic insertion of browser monitoring scripts for specific pages. Currently, this is only supported with web applications, but we have experienced success that this can work with static pages. Add this call to any pages you do not wish to instrument with page load timing (sometimes referred to as real user monitoring or RUM). More information, recommendations and an example how to use this here: http://docs.newrelic.com/docs/agents/net-agent/features/net-agent-api#disable_browser.
Another solution is to use the browserMonitoring element child of the configuration element. browserMonitoring configures page load timing (sometimes referred to as real user monitoring or RUM) in your .NET application. Page load timing gives you insight your end users' performance experience. This is accomplished by measuring the time it takes for your users' browsers to download and render your webpages by injecting a small amount of JavaScript code into the header and footer of each page. More information: https://docs.newrelic.com/docs/agents/net-agent/installation-configuration/net-agent-configuration#browsermon-autoInstrument
<browserMonitoring autoInstrument="true">
<attributes enabled=”true”>
<exclude>myApiKey.*</exclude>
<include>myApiKey.foo</include>
</attributes>
</browserMonitoring>
The config file method lets you filter without having to change code. However, you also have to be careful if you use the config option to exclude paths because you're putting a Regular Expression in there, and if it is a complex one (which it shouldn't be) it could affect performance and things like that. On the other hand, if you just use a plain and simple regex to look for a page, it is pretty fast too.
I think that the API calls might perform better but that is totally subjective, and I wanted to give you both options.
Note, after any change in your configuration, you will need to perform an iisreset as administrator and exercise your app for a while to see the changes reflected on your New Relic Dashboard.
I'm doing an program, which is running on an local system, with no internet access. Is it possible to create my own custom Web Map Service (WMS) server, using C#. I no that there are free open source system's. But i like to have full control.
Thanks Morten Starck
That is very possible, but you might be in for a headache or two before you are done. The implementation specification and more is available from the Open Geospatial Consortium at the url below.
http://www.opengeospatial.org/standards/wms
It's quite a large specification but you might be able to get away with implementing only the parts you really need and leaving some of the more specific stuff out. You will of course also need to parse and render the map data from some source which might be your largest problem (for which I really would suggest you have a look at SharpMap, http://sharpmap.codeplex.com/ instead of rolling your own).
Apps downloaded from the Windows Store are installed in this location:
C:\Program Files\WindowsApps
If you look inside this folder you can access each application's .exe and use reflector to decompile them.
Currently, my Windows RT application sends a password over SSL to a WCF service to ensure that only people using my app can access my database (via the service).
If my code can be read by anybody, how can I ensure that only people using my Windows 8 app are accessing the service?
Thanks!
In the very general sense, it is impossible. If ever you create anything that is placed on the customer's computer, eventually you will stumble upon someone that will manage to decipher your code and understand how to call your service. You may obfuscate it into insane levels, but still it has to be executable by the processor, so the processor has to understand it. And if it does, then potentially anyone knowing assembly can understand it too. You may smartly obfuscate it so that it will be very time-consuming to cleanup the code from unimportant trash, but still, at some point of time someone will read it.
One of common defenses is in trying to detect who* is actually trying to use your service. This is why all the "portals" require you to "register". This way, the application identity is marginalized and it is the user who provides login, password, PGP keys, etc is checked and verified whether he/she is allowed to actually run your service.
Also, on the OS/framework layer, there are several ways to selectively provide "licenses" to your customers and then in your application you may use keys/hashes from the licenses to authenticate in your service. This may partially remove from the user the burden of remebering the passwords etc, or it may provide an additional authentication factor, or it may simply be a yes-no flag that allows to run the app or not. Still, it will not guard your code against being read. Licenses just help in verifying if the software copy is legit and if belongs to that specific user/computer.
You may act selectively only against 'reflectoring' (or dotpeeking, or ildasming, or ...). Those tools really make the decompilation easy (although the original reflector is now paid software). So, the simpliest form would be to use obfuscator that will make the decompilation impossible or harder - that cuts some percentage of the potential code-readers and you can assume scriptkiddies are gone. You may ignore obfuscators and you may write the service connector in native code (C++, not C++/cli). That will make the code completely un-reflectorable and un-ildasmable, and that will cut off another large percentage of people, but with some will still be left (me and thousands of others, but that's much less than millions).
While this does not give you definitive answer, I wanted to show you that you can only get some "level of hardness", but you cannot make it totally safe from being read. This is why you should focus on making the service access in that way, that showing your code to a stranger on the street does not compromise your security.
Now gettint to your problem: the core thing seems to lie not in the fact that your app uses some secret algorithms, but rather - that you have hardcoded the password in. You see, there's with this approach, they do not need to read your code at all. They just need to listen what data your app sends over the sockets..
Another issue is that everyone uses the same keyphrase.
A hardcoded magic string may be some sort of validation, but never authentication. If you want the app to be register-free, make the registration silent and automatic at first run? Of course, you will just bounce the problem: anyone could read the code and learn how to autoregister, and then they will make a clone.. But, again, like I've said: you never know who's on the other side. Is it your app, or is it an ideal-clone of it? Or maybe is it a clone that uses your own hacked-a-bit libraries to connect to you? If it looks like a duck, and quacks like a duck, it is a duck..
I need to use geolocation to Android (using Monodroid). And I'm left with two problems.
The first: Should I explicitly warn the user (based on GPS-coordinate
(as in windows phone)
The second (more complicated): I followed this Localisation
sample but still has no lastKnownLocation. Is it because of
the emulator?
I'm not sure what you're asking in the first part of the question. Should you warn the user about what, your use of their location? I'd say that depends on how heavily you're using it, but at the very least they would see that you're requesting the location permission(s) when installing your app.
For the second question, take a look at this question/answer from a few days ago. In short, GetLastKnownLocation() can return null if the provider has never received any location updates.
Edit:
To answer your question in the comments, there are several ways to mock location data in the emulator. This page in the Android documentation walks through how to do it.