|
That doesn't answer my questions at all. What's the point of doing this at all?
|
|
|
|
|
To prevent the user from doing anything to app controlled folders and files.
If it's not broken, fix it until it is
|
|
|
|
|
If you're talking about under the Program Files folder you don't have to do anything. Everything under Program Files is ReadOnly to normal users.
But, what already exists depends on where you're these files/folder you're talking about are in the directory tree.
|
|
|
|
|
I have an app that has folders created and files copied to it without the user's interaction. Then permissions are applied.
If the user does not have rights, then they cannot add files, rename them, delete them, or likewise manipulate folders.
If it's not broken, fix it until it is
|
|
|
|
|
Your application will be running as the user that launched it. Your code cannot give more permissions than it already has from the user running it. Also, any changes to NTFS permissions are done as the user running your code. There is NOTHING preventing the user from just putting the permissions back that your code took away.
Permissions are just about never set in application code at run time but set at install time.
|
|
|
|
|
True, but what if I run my code using impersonation? Then the user who created it (my app) would be the only one that could manipulate it, right?
If it's not broken, fix it until it is
|
|
|
|
|
Normal users cannot impersonate other users.
|
|
|
|
|
There has to be a way to prevent a file from being touched by the user. I've see apps that somehow lock the file so no one but that app can manipulate it
If it's not broken, fix it until it is
|
|
|
|
|
And those apps are easily defeated. I've never seen one that couldn't be worked around with just a working knowledge of permissions and, in other cases, how ZIP files work.
So you're saying a user creates a file in your app and saves it and then loses all permissions to manipulate that file later on? That's a very unusual situation.
|
|
|
|
|
No, there's a service running. It detects a file on the server which is then copied to the user's PC.
The user should not be able to do anything to the file, or the folder it's in.
If it's not broken, fix it until it is
|
|
|
|
|
Your application can talk to a service that's running as an account that has sufficient permissions to set/remove permissions on folders.
This is a management nightmare, requiring a good working knowledge of how permissions work and are inherited in the NTFS tree. Such an explanation is beyond the capacity of forums posts.
Now, there's another way. Screw all the management of granting and taking permissions. The service would be the "file manager" in a folder where only the service account has permissions to write files/create folders. Your application could ask the service to save files/create folders as appropriate and the service would do all the file/folder work on behalf of the application using the permissions granted to it by it's own user account. This user account has to be specially setup to login as a service and has the appropriate permissions to where the files/folder will be stored.
|
|
|
|
|
Do you mean a Windows Service running under it's own account?
If it's not broken, fix it until it is
|
|
|
|
|
|
It probably would work OK assuming my installer created the account for the service.
If it's not broken, fix it until it is
|
|
|
|
|
Kevin Marois wrote: There has to be a way to prevent a file from being touched by the user. Not in Windows.
The user is the owner of the PC. Whatever code you can come up with, I can attach a debugger, halt and jump.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
I understand that a developer can circumvent my app - I'm talking about your average user with no programming experience. This app isn't targeted to programmers.
If it's not broken, fix it until it is
|
|
|
|
|
A user doesn't need any programming experience to circumvent your security. They just need a passing knowledge of permissions.
|
|
|
|
|
Kevin Marois wrote: This app isn't targeted to programmers. You are effectively asking how to keep something private on a machine that ain't yours. You could 'hijack' the data, encrypt everything and keep your encryptionkey on a server. Not a good way to formulate it, but the question here is ownership. If you don't want them to access a file, then don't have it on the local machine.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Open the file in your app, and do not close it while the application is running. Make sure you set FileShare.None when opening the file. Of course, when you close your app, Windows will close the file, and now the user can access it.
|
|
|
|
|
This is related to core operating system fundamentals. If you control the environment (ie are an administrator on the machine where it's installed) you can lock it down. Otherwise, not gonna happen and any attempt on a distributed application would reek of malware.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
|
|
|
|
Suppose I have the following strings
Sample1[Model:M1; Year:1990]
Sample2[Model:M3; Year:1997]
I can get the index of the string Sample1 but how do I get the indexes of the first occurrence of the delimiters [ and ] after Sample1?
modified 12-Sep-16 0:30am.
|
|
|
|
|
The first character after 'Sample1 will have an index equal to the length of 'Sample1, if you know that first search string will always have a [ after it, then you can just use that, else use 'IndexOf which will return the index of the first occurrence.
If you are sure that there is only one ] in the search string, you can just use 'IndexOf on the string.
If there could be multiple [ :
int lastindexof = searchString.ToList().FindLastIndex(']');
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
|
|
|
|
|
Hi, thanks for replying. Your suggestion will get the indexes of all the delimiters after the string Sample1. However, what if I want only the indexes of the delimiters immediately after the string Sample2 or immediately after the string Sample5, Sample10, etc?
|
|
|
|
|
Hi, I made the assumption, in replying to your question, that you were parsing a file one-line-at-time, so the issue of possible multiple bracket characters would not arise.
But, there's a relatively easy way to confine your search to the first ] character after the first [ character found:
private string test = @"Sample1[Model:M1; Year:1990]Sample2[Model:M3; Year:1997];"
List<Point> bracketIndexes = new List<Point>();
char rBrack = '[';
char lBrack = ']';
int loc = 0;
int limit = test.Length;
int brackStart, brackEnd;
while (loc < limit)
{
brackStart = test.IndexOf(rBrack, loc);
if (brackStart == -1) break;
brackEnd = test.IndexOf(lBrack, brackStart + 1);
if (brackEnd == -1) break;
loc += brackEnd;
bracketIndexes.Add(new Point(brackStart, brackEnd));
loc++;
}
foreach (Point pt in bracketIndexes)
{
Console.WriteLine("{0} at {1} : {2} at {3}", test[pt.X], pt.X, test[pt.Y], pt.Y);
};
Notes:
1. I used a 'Point structure here to hold the discovered indexes for convenience ... as an alternative to using a Struct or a Tuple.
2. I'm allergic to writing a 'while loop without an exit condition, but, in this case, the loop is going to be exited the first time either of the two calls to 'IndexOf return -1.
3. Somebody could come along and show a much shorter way of doing this with RegEx (?), but since i am "RegEx challenged," that's a guess. Similarly, you could use Linq here, perhaps some form of 'GroupBy, but, my experience is that this type of operation is best done with loops: better performance. That opinion is one I have formed more from reading opinions of people I regard as at a level of technical depth much deeper than mine ... than from personal experimentation.
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
|
|
|
|
|
Use a Regex:
Regex findEm = new Regex(@"(?<=Sample)(?<SampleNo>\d+)(?<Start>\[)(?<Data>.*?)(?<End>\])");
string input = "Sample1[Model:M1; Year:1990]";
Match m = findEm.Match(input);
if (m.Success)
{
Console.WriteLine("Sample {0}: {1}{2}{3}\n {4}, {5}",
m.Groups["SampleNo"].Value,
m.Groups["Start"].Value,
m.Groups["Data"].Value,
m.Groups["End"].Value,
m.Groups["Start"].Index,
m.Groups["End"].Index);
}
Result:
Sample 1: [Model:M1; Year:1990]
7, 27
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|