AW: Where to put on windows an option file accessable for all users?

Tiemo Hollmann TB toolbook at kestner.de
Tue Jul 7 06:08:38 EDT 2015


Hi Peter,

hmmm, never thought about that it could be a design fault.

Beside real user based options I keep some general options in my option
file, like the path to video files, or a flag if the software should look
automatically for updates. If I think about schools, where different users
can log in the same computer, that’s why I wanted to keep one option file
for all users.
But if I follow your hint, I would have to split this option file into an
"admin-options-file", which is only accessible for the admin and a
"user-options-file", which is stored in the user files.
Would you agree to this approach or do you see a chance to keep a single
options file which works in multi-user environments as on a private
single-user computer?
Tiemo


-----Ursprüngliche Nachricht-----
Von: use-livecode [mailto:use-livecode-bounces at lists.runrev.com] Im Auftrag
von Peter TB Brett
Gesendet: Dienstag, 7. Juli 2015 11:43
An: How to use LiveCode
Betreff: Re: Where to put on windows an option file accessable for all
users?

On 2015-07-07 10:12, Tiemo Hollmann TB wrote:

> I have an option file, which should be read/writable for all users.

Hi Tiemo,

Please note that this goes against security best practice.  
Configuration files that are readable by all users should only be writable
to privileged users, i.e. administrators.  If all users can read and write a
single configuration file, this is very often an exploitable security flaw.

If at all possible, I recommend to design your software so that each user
gets his or her own configuration file.  The "virtualisation" that you are
complaining about is actually a security *feature* in Windows in order to
work around flaws in older software that attempts to use a single, "all
users" configuration file!

                                         Peter

--
Dr Peter Brett <peter.brett at livecode.com> LiveCode Engine Development Team


_______________________________________________
use-livecode mailing list
use-livecode at lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode





More information about the Use-livecode mailing list