Prev: Word-compatible Text Editor
Next: PSZ or PTR
From: Geoff Schaller on 30 Apr 2010 07:42
Kevin,

You are trying to put the cart before the horse.

Firstly, there is no security if it isn't based on domain security
because you are then talking about a single machine. Secondly, you
cannot know how to set up such a system and then replicate it to other
PCs by installer unless you are basing it on domain security. Local
machine policies don't count - they aren't really detectable
systematically. Thirdly, each logged on user, whether they are in a
domain or just a local user, will get their own profile and thus data
files will be stored in the appropriate user data area.

Your application will decide whether to use the user or public folder
area.

So it isn't a question of how it might be done - you just do it. There
are standard system defines for the folders and these are all well
documented and well known. But you will have to make the choice or you
ask the user to elect which it is - but then if you have to ask the user
it isn't really security is it <g>.

I only mentioned SQL Server because mostly, that is where everybody is
going (or should be). If you are genuine about security and stability
then you will be heading to SQL yesterday. If you need to stay file
based then you need to set up the folder security appropriately on the
PC. There really isn't any "VO" approach because this is a structural
thing, not a coding thing.

Cheers.

Geoff


"Kevin" <kdmurphy(a)eircom.net> wrote in message
news:FLyCn.936$I8.442(a)news.indigo.ie:

> Geoff,
>
> My question was more to do with how you the VO application to handle the
> possibility.
>
> With SQL the user rights would control the access so unless a user has
> the right access information they cannot get at the data.
>
> What if the program is not using SQL and the client does not want the
> program to use SQL?
>
> Correct me if I am wrong, but a domain would set up the paths and as
> such the program has the same set up for the users and the program does
> not need to change the path based on user. That is my understanding,
> probably simplified.
>
> But if the data files are to be stored locally, potentially different
> files for each user, what is the best way for the program to check for
> this? For example, if the program is installed for ALL USERS then the
> path is the COMMON Documents folder. But if it is installed for a single
> user then it is the users document folder. My question is more how to
> code the VO app to check this. I can get one path or the other but how
> when the app starts does it determine which to use?
>
> The pseudo code below will hopefully make it clearer what I am trying to
> figure out.
>
> Kevin
>
> App start
> Determine if ALL USER or current user --> What is the best way to do
> this
> If All USER installation
> Get ALL USERS path
> Else
> Get current user path
> Endif
>
>
> "Geoff Schaller" <geoffx(a)softxwareobjectives.com.au> wrote in message
> news:z%xCn.22330$pv.4131(a)news-server.bigpond.net.au:
>
>
> > Kevin,
> >
> > I think you're on the right track.
> >
> > Firstly we use domain logins and domain groups to establish "rights" to
> > functionality (but that has to be defined by the business) and then
> > common data goes into the shared user data folder and private data to
> > users data folder.
> >
> > But under SQL you are constrained to user rights and privileges and this
> > is still best handled with sql server users based on domain accounts.
> >
> > Geoff
> >
> >
> >
> > "Kevin" <kdmurphy(a)eircom.net> wrote in message
> > news:AMwCn.930$I8.342(a)news.indigo.ie:
> >
>
> > > Hi all,
> > >
> > > I am looking for some recommendations on the best way of allowing an app
> > > to work either for a specific user or all users.
> > >
> > > Up to now all of my apps have been set to install with all users of the
> > > computer having access to them and their data files. I put the data in
> > > the shared data area. There have been one or two which have been user
> > > specific, that is only the person that installs the program has access
> > > to it and the data files. Here I put the data in the users data folder.
> > > I have never need to create the app where it might be installed specific
> > > to a user or for All Users.
> > >
> > > The installation program can be used to put the files in the appropriate
> > > location. But what is the best way of handling it in VO? There are a few
> > > options I can see:
> > >
> > > 1. Set a registry key which specifies the path to the data files.
> > > 2. Use a config file in the programs data folder to store the path.
> > > 3. When the program starts check the ALL USERS folder and then, if
> > > needed, the user folder.
> > >
> > > What way do you handle this sort of thing?
> > >
> > > If you store a value in the registry to specify the chosen option, do
> > > you put it in the ALL USERS hive or the specific user? Or do you just
> > > check the ALL USERS hive and then the user one?
> > >
> > > Thanks in advance for your feedback.
> > >
> > > Kevin

From: Kevin on 30 Apr 2010 09:04
Geoff,

In the app I am working on it is for a single machine but there might be
multiple users who require their own files. It is a local machine based
app.

I know about the system defines and have used them but never in an app
that might be installed with their own files or shared files. I know
that the app has to decide which to use and that is what I was asking
about, the best way to get the app to do it. Even on a local machine the
users documents folder is specific to them and other users cannot access
it. As a result the app needs to be able to identify where the files
are.

Maybe I am not getting what I have in mind across, and if so I
apologise.

Massimo has given me a pointer as to what I was wondering about.

Could you give me a bit more info on using Domain Security as you and
Ginny are suggesting. I understand about the user rights on SQL tables.
But does the app pick up the user login from windows and use that when
connecting or is it picked up automatically, or does that depend on the
way it is set up?

I have no experience with MS SQL Server or the Express version so don't
know what is involved in setting them up on an End Users computer. After
installation how easy is it to configure the required table(s) and/or
permissions?

Kevin

"Geoff Schaller" <geoffx(a)softxwareobjectives.com.au> wrote in message
news:GmzCn.22339$pv.2393(a)news-server.bigpond.net.au:

> Kevin,
>
> You are trying to put the cart before the horse.
>
> Firstly, there is no security if it isn't based on domain security
> because you are then talking about a single machine. Secondly, you
> cannot know how to set up such a system and then replicate it to other
> PCs by installer unless you are basing it on domain security. Local
> machine policies don't count - they aren't really detectable
> systematically. Thirdly, each logged on user, whether they are in a
> domain or just a local user, will get their own profile and thus data
> files will be stored in the appropriate user data area.
>
> Your application will decide whether to use the user or public folder
> area.
>
> So it isn't a question of how it might be done - you just do it. There
> are standard system defines for the folders and these are all well
> documented and well known. But you will have to make the choice or you
> ask the user to elect which it is - but then if you have to ask the user
> it isn't really security is it <g>.
>
> I only mentioned SQL Server because mostly, that is where everybody is
> going (or should be). If you are genuine about security and stability
> then you will be heading to SQL yesterday. If you need to stay file
> based then you need to set up the folder security appropriately on the
> PC. There really isn't any "VO" approach because this is a structural
> thing, not a coding thing.
>
> Cheers.
>
> Geoff
>
>
> "Kevin" <kdmurphy(a)eircom.net> wrote in message
> news:FLyCn.936$I8.442(a)news.indigo.ie:
>
> > Geoff,
> >
> > My question was more to do with how you the VO application to handle the
> > possibility.
> >
> > With SQL the user rights would control the access so unless a user has
> > the right access information they cannot get at the data.
> >
> > What if the program is not using SQL and the client does not want the
> > program to use SQL?
> >
> > Correct me if I am wrong, but a domain would set up the paths and as
> > such the program has the same set up for the users and the program does
> > not need to change the path based on user. That is my understanding,
> > probably simplified.
> >
> > But if the data files are to be stored locally, potentially different
> > files for each user, what is the best way for the program to check for
> > this? For example, if the program is installed for ALL USERS then the
> > path is the COMMON Documents folder. But if it is installed for a single
> > user then it is the users document folder. My question is more how to
> > code the VO app to check this. I can get one path or the other but how
> > when the app starts does it determine which to use?
> >
> > The pseudo code below will hopefully make it clearer what I am trying to
> > figure out.
> >
> > Kevin
> >
> > App start
> > Determine if ALL USER or current user --> What is the best way to do
> > this
> > If All USER installation
> > Get ALL USERS path
> > Else
> > Get current user path
> > Endif
> >
> >
> > "Geoff Schaller" <geoffx(a)softxwareobjectives.com.au> wrote in message
> > news:z%xCn.22330$pv.4131(a)news-server.bigpond.net.au:
> >
> >
> > > Kevin,
> > >
> > > I think you're on the right track.
> > >
> > > Firstly we use domain logins and domain groups to establish "rights" to
> > > functionality (but that has to be defined by the business) and then
> > > common data goes into the shared user data folder and private data to
> > > users data folder.
> > >
> > > But under SQL you are constrained to user rights and privileges and this
> > > is still best handled with sql server users based on domain accounts.
> > >
> > > Geoff
> > >
> > >
> > >
> > > "Kevin" <kdmurphy(a)eircom.net> wrote in message
> > > news:AMwCn.930$I8.342(a)news.indigo.ie:
> > >
> >
> > > > Hi all,
> > > >
> > > > I am looking for some recommendations on the best way of allowing an app
> > > > to work either for a specific user or all users.
> > > >
> > > > Up to now all of my apps have been set to install with all users of the
> > > > computer having access to them and their data files. I put the data in
> > > > the shared data area. There have been one or two which have been user
> > > > specific, that is only the person that installs the program has access
> > > > to it and the data files. Here I put the data in the users data folder.
> > > > I have never need to create the app where it might be installed specific
> > > > to a user or for All Users.
> > > >
> > > > The installation program can be used to put the files in the appropriate
> > > > location. But what is the best way of handling it in VO? There are a few
> > > > options I can see:
> > > >
> > > > 1. Set a registry key which specifies the path to the data files.
> > > > 2. Use a config file in the programs data folder to store the path.
> > > > 3. When the program starts check the ALL USERS folder and then, if
> > > > needed, the user folder.
> > > >
> > > > What way do you handle this sort of thing?
> > > >
> > > > If you store a value in the registry to specify the chosen option, do
> > > > you put it in the ALL USERS hive or the specific user? Or do you just
> > > > check the ALL USERS hive and then the user one?
> > > >
> > > > Thanks in advance for your feedback.
> > > >
> > > > Kevin

From: Ginny Caughey on 30 Apr 2010 12:41
Kevin,

For domain security the app uses .NET functionality to get domain info such
as full name, group membership, etc. I call this C# piece from VO - very
easy using this technique:
http://www.elbe-data.se/sv/vografx/visualobjectsandcsharp.pdf (big download)


--

Ginny Caughey
www.wasteworks.com




From: Geoff Schaller on 30 Apr 2010 20:09
Kevin,

> In the app I am working on it is for a single machine but there might be
> multiple users who require their own files. It is a local machine based

So this is no problem. You choose the base file path for the
application: it is either user data or public (change the wording for
xp/vista/w7). so you don't even need to ask the question. If there is
only one user it will just go wherever that is. If there are multiple
users then each user will have a private set of files. The only thing
you need to do is ask one question at install time: are there multiple
users needing privacy? If the answer is yes, got user data, if the
answer is no, go public.

> Could you give me a bit more info on using Domain Security as you and
> Ginny are suggesting. I understand about the user rights on SQL tables.

Your app (VO or C#) can easily get the domain group to which a user
belongs. Your app can even create and maintain those domain groups,
although this is a heck of a lot easier from C#. We've built a COM
object in C# that we use from VO. We create a domain security group than
assign that group rights within the application to do stuff: client
managers, data entry, approvals, bank balancers, cheque writers, etc...
Now the organisation can just add a user to the appropriate domain group
(or multiple groups) and remove them at whim without affecting the
application. The application can be coded against domain groups.

> But does the app pick up the user login from windows and use that when
> connecting or is it picked up automatically, or does that depend on the
> way it is set up?

No, the login is king. The user then belongs to some domain always. On a
standalone PC, the domain is the machine name. Log in and \there you are
- all that info is available.

> I have no experience with MS SQL Server or the Express version so don't
> know what is involved in setting them up on an End Users computer. After
> installation how easy is it to configure the required table(s) and/or
> permissions?

It is trivial. We basically stick to Windows Authentication so that we
can extend the domain group concept further but securing resources in MS
SQL Server is snap easy - either using the management studio or in code.
You will need a good sql book or two but there are millions to choose
from and significant forums like this one that help with concepts and
queries.

Geoff


From: Kevin on 4 May 2010 13:32
Geoff, Ginny,

Thanks for your replies. I will look in to it.

Kevin

"Geoff Schaller" <geoffx(a)softxwareobjectives.com.au> wrote in message
news:wiKCn.22421$pv.20829(a)news-server.bigpond.net.au:

> Kevin,
>
> > In the app I am working on it is for a single machine but there might be
> > multiple users who require their own files. It is a local machine based
>
> So this is no problem. You choose the base file path for the
> application: it is either user data or public (change the wording for
> xp/vista/w7). so you don't even need to ask the question. If there is
> only one user it will just go wherever that is. If there are multiple
> users then each user will have a private set of files. The only thing
> you need to do is ask one question at install time: are there multiple
> users needing privacy? If the answer is yes, got user data, if the
> answer is no, go public.
>
> > Could you give me a bit more info on using Domain Security as you and
> > Ginny are suggesting. I understand about the user rights on SQL tables.
>
> Your app (VO or C#) can easily get the domain group to which a user
> belongs. Your app can even create and maintain those domain groups,
> although this is a heck of a lot easier from C#. We've built a COM
> object in C# that we use from VO. We create a domain security group than
> assign that group rights within the application to do stuff: client
> managers, data entry, approvals, bank balancers, cheque writers, etc...
> Now the organisation can just add a user to the appropriate domain group
> (or multiple groups) and remove them at whim without affecting the
> application. The application can be coded against domain groups.
>
> > But does the app pick up the user login from windows and use that when
> > connecting or is it picked up automatically, or does that depend on the
> > way it is set up?
>
> No, the login is king. The user then belongs to some domain always. On a
> standalone PC, the domain is the machine name. Log in and \there you are
> - all that info is available.
>
> > I have no experience with MS SQL Server or the Express version so don't
> > know what is involved in setting them up on an End Users computer. After
> > installation how easy is it to configure the required table(s) and/or
> > permissions?
>
> It is trivial. We basically stick to Windows Authentication so that we
> can extend the domain group concept further but securing resources in MS
> SQL Server is snap easy - either using the management studio or in code.
> You will need a good sql book or two but there are millions to choose
> from and significant forums like this one that help with concepts and
> queries.
>
> Geoff

First  |  Prev  | 
Pages: 1 2
Prev: Word-compatible Text Editor
Next: PSZ or PTR