General discussion

Locked

VB Programming

By cratem ·
How can we make the access level of an application higher than the user logged in access access level in a VB application running on Window NT/2000. Eg. the logged in user in Windows NT/2000 has no access at all to a file. Using the VB application he is able to delete or move the file.
I have several application where I want to set the lowest access level for the user to log into the system so that he cannot do any damage to the system. If it is necessary for him do do any thingabove his access level he can only do it via an application. With this I can allow the user to do things that he is not able to do with his normal log in access but with no threat that he can do it manually on his own.

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

VB Programming

by Glen_McLeod In reply to VB Programming

Under Win2K you can do this, but it means getting into some serious Kerberos API programming. I've never done it, but I'm familiar with the theory.

In your application, you'd have to call the Kerberos API to get a security token for an accountthat has the necessary permissions. You'd have to hard code the security information (username, password) for that account in your app. Then, operating under the account you got the token for, perform the functions.

It's not for the faint of heart, and I've yet to see a reference for the Windows version of the Kerberos API (there may be one, I just haven't seen one yet).

Glen

Collapse -

VB Programming

by cratem In reply to VB Programming

I had checked several VB programming books and also the network. I have no leads. All talk about security. None tells me how to solve my problem.

Collapse -

VB Programming

by Gicu Artistu' In reply to VB Programming

I wouldn't do this is kinda dangerous. I would do this by building some "middleware" that you could ask to perform these tasks. This middleware could run at the system level and it could keep a list of ACL's.

Collapse -

VB Programming

by cratem In reply to VB Programming

This applications are not big applications. I have a directory which is read only for a user for his applications. Only at times the files in the directory need to be written. If I set the permission of this user to read & write in Windows than this user can log into Windows 2000 and do changes to the file manually. This is dangerous. Now I am editing the files by myself for him.

Collapse -

VB Programming

by donq In reply to VB Programming

If you can convert your application(s) to a database product like Microsoft Access 2000 your task is a snap via the Workgroup and/or object level user permissions.

Collapse -

VB Programming

by cratem In reply to VB Programming

This applications are not big applications. I have a directory which is read only for a user for his applications. Only at times the files in the directory need to be written. If I set the permission of this user to read & write in Windows than this user can log into Windows 2000 and do changes to the file manually. This is dangerous. Now I am editing the files by myself for him.

Collapse -

VB Programming

by shmaltz In reply to VB Programming

I whould create a second application that is made only to do just the jobs that requires higher access. Then I whould run that (2nd) application as a serivce and have that service started with an account that has the required access to do the job. In the original application (where the user is logged on with low access) I whould run the job thru the service.
One easy way to accomplish this is by having the application running as a service, check for a text file in a directory that has the instructions on what to do. And in the original application (where the user is logged on) create the text file with the instructions in it.

Collapse -

VB Programming

by cratem In reply to VB Programming

This answer is the nearest to what I needed. I was looking for something like a login in the application and log out.

Collapse -

VB Programming

by mmaker1234 In reply to VB Programming

From the info you gave I think these files are some kind of configuration files.
I suggest you the following paths:
1. Shift the protection - allow full access to these files (not the whole directory) and protect the file content with CRC. Check it at each start and exit the program on problem;
2. If these files shouldn't be human-readable, allow full acces to them and scramble the content (a simple char-replacement algorithm should be enough);
3. Move the data into the database (if the user shouldn't access it without the program);
4. In other case try calling a hidden, more powerful, process as mentioned in a previous answer (#4, I think);
5. Or try start a shell with a more powerful account, unlock the files, do the job, lock the files and exit the shell. This is possible in UNIX systems, but I'm not sure about Win2K.

Collapse -

VB Programming

by cratem In reply to VB Programming

Poster rated this answer

Back to Web Development Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums