Real Software Forums
http://forums.realsoftware.com/

Security issue writing BACK to database file on Window 7 onl
http://forums.realsoftware.com/viewtopic.php?f=6&t=37083
Page 1 of 1

Author:  jasmatuphcreations [ Fri Jan 14, 2011 10:54 pm ]
Post subject:  Security issue writing BACK to database file on Window 7 onl

Hi all,

I've been developing my app on Windows XP and tested it on various other Windows XP machines, all working properly; however, I just installed it on a mate's Windows 7 machine and some strange things occurred.

1) When I run the app it cannot write any data to the database file; it says it is READ ONLY. The DropObject of a folder is active and goes through the process, but of course can't add the data.

2) I then run the app again AS ADMINISTRATOR (Windows 7 option), it gives full access to the database file, writing data back ok, except now the DropObject does not work, you attempt to drag and drop the folder on the listbox, and usually it turns into a rectangle with the cursor arrow, but it does allow it.

Has anyone come across this, or is my mate's PC possessed by the devil? I have another mate with Windows 7, so I will check it out on his PC this week.

Cheers

Author:  jefftullin [ Sat Jan 15, 2011 4:14 am ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

Do you have the database file in APPLICATIONDATA (The right place), or local to the app?

Author:  pbart [ Sun Jan 16, 2011 12:54 am ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

When you are developing for Windows, get into the habit of storing any user data in the USER/APPLICATIONDATA folder.

Windows XP would give you access to all sorts of places that you shouldn't be playing with (unless you know what you are doing); when Vista came along this was rectified.

Now you can almost consider Vista and 7 to be like Linux. You need to be logged in with an admin account if you are modifying files in c:/program files, and even then, if UAC has not been modified, you will still need to run the app as administrator.

Author:  dtrotter [ Thu Jan 20, 2011 5:23 pm ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

Or you can write a small app that executes the desired commands invoking UAC. I had to write data to the registry for an app I wrote and as pbart said XP let me write anywhere if I was launching the app as an admin, but thanks to UAC in Vista and 7 I had to write the app to handle the UAC crap for me. Let me try to explain what I did.

When I execute a command that UAC blocks, I check the OS version. If it is XP I execute it like I normally would. If it is Windows Vista or Windows 7, I call a method that has the following code in it (that calls a small app to make the changes):

Soft Declare Function ShellExecuteExW Lib "Shell32" ( info as Ptr ) as Boolean
Soft Declare Function ShellExecuteExA Lib "Shell32" ( info as Ptr ) as Boolean

' SHELLEXECUTEINFO, 32-bit layout: 15 fields of 4 bytes each
dim info as new MemoryBlock( 15 * 4 )
dim verb as new MemoryBlock( 32 )
dim file as new MemoryBlock( 260 * 2 )

info.Long( 0 ) = info.Size ' cbSize
'info.Long( 8 ) = self.Handle
if System.IsFunctionAvailable( "ShellExecuteExW", "Shell32" ) then
  ' the "runas" verb is what asks for elevation (the UAC prompt)
  verb.WString( 0 ) = "runas"
  file.WString( 0 ) = "c:\path\to\my executable\app.exe" 'this exe is the helper app and should do nothing more than execute the code UAC is trying to block
else
  verb.CString( 0 ) = "runas"
  file.CString( 0 ) = "c:\path\to\my executable\app.exe"
end if
info.Ptr( 12 ) = verb ' lpVerb
info.Ptr( 16 ) = file ' lpFile

Const SW_SHOWNORMAL = 1
info.Long( 28 ) = SW_SHOWNORMAL ' nShow

dim ret as Boolean
if System.IsFunctionAvailable( "ShellExecuteExW", "Shell32" ) then
  ret = ShellExecuteExW( info )
else
  ret = ShellExecuteExA( info )
end if


The above method executes the 'helper' app with elevated permissions (gives you the UAC popup asking if it's OK to run).

In my case, this was for adding a special registry key for locking down some features in IE, so all my helper app did was add the key and exit. I am happy to go into more detail with you, so let me know if you need more assistance.

D

Author:  markwalsh [ Thu Jan 20, 2011 6:54 pm ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

This same thing happened to me once. If it's any help, here's the thread I posted:
http://forums.realsoftware.com/viewtopic.php?f=3&t=35936

I also started this thread after it appeared to me that it may have been a file permissions issue, and not a database issue:
http://forums.realsoftware.com/viewtopic.php?f=6&t=36350&start=0

Author:  dtrotter [ Fri Jan 21, 2011 12:47 am ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

It is most likely UAC, and not a true issue at all (meaning nothing is wrong with files, permissions or your code necessarily). It may appear to be an issue, but is protecting certain directories and parts of the OS. Using the code above WILL work IF you are having this problem because of UAC (User Access Control) which was NOT part of XP but was introduced in Vista and is in 7 as well.

Author:  jasmatuphcreations [ Mon Jan 24, 2011 4:27 am ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

Thank you all for your posts.

The data is in the correct directory, it's the permissions on the file/folder causing the problem.

I went to another friend's house who has Windows 7, and what do you know, install all OK, works like a charm. How it should!

The other guy likes to tinker with his machine, and god knows what permissions he has set up here and there.

Cheers

Author:  dtrotter [ Mon Jan 24, 2011 8:10 pm ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

You can turn off UAC if you want to, and it is possible that he has. I know I have it disabled on my work machine. Feel free to ping me if you need anything else regarding this - I know I had a pain in the arse time getting it worked out when I first ran into it.

Cheers!

Author:  jasmatuphcreations [ Sun Feb 06, 2011 8:42 pm ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

Please e-mail me, see profile. I installed it on another friend's machine and had the same problem with it making the db file read only! What is this with Windows 7 and security, they have gone crazy!

Author:  timhare [ Sun Feb 06, 2011 10:44 pm ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

You just need to play by the new rules. If UAC is getting in your way, then you have not installed the db in the correct place. Where did you put the db file?

Author:  pbart [ Sun Feb 06, 2011 11:02 pm ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

As I said in a previous post:

When you are developing for Windows, get into the habit of storing any user data in the USER/APPLICATIONDATA folder.

It is possible to change folder permissions using an installer (i.e. Inno Setup), but I would avoid that.

UAC is there to provide security and to stop people from breaking the operating system. As Tim said, you need to play by the new rules.

Author:  jasmatuphcreations [ Mon Feb 07, 2011 12:55 am ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

timhare wrote:
You just need to play by the new rules. If UAC is getting in your way, then you have not installed the db in the correct place. Where did you put the db file?


Installed, from memory, to:

C:\Windows (x86)\Program Files\My New App\

My file was saved to:

C:\Windows (x86)\Program Files\My New App\Data\mydatafile.db

As the logic in the app looks for the child DATA in the installed folder, by default my installer tries for C:\Program Files\My New App\

Are you suggesting testing for Windows 7 and installing in a different preferred directory? C:\..User\ApplicationData\MyNewApp\

Cheers.

Author:  timhare [ Mon Feb 07, 2011 1:09 am ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

Your app does not have write access to Program Files. As pbart said, you should put any files that are writable in Application Data.

Author:  timhare [ Mon Feb 07, 2011 1:10 am ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

Actually, you shouldn't write to Program Files on any version of Windows. It's bad form. Application Data is there for a reason.

Author:  charonn0 [ Mon Feb 07, 2011 7:12 am ]
Post subject:  Re: Security issue writing BACK to database file on Window 7

As has been stated, programs should never store their data in the Program Files directory but rather in the user's Application Data directory (SpecialFolder.ApplicationData) or if the data needs to be available to all users then in the All User's Application Data directory (SpecialFolder.SharedApplicationData.) This rule has been in effect since at least Windows NT 4 but has only been actively enforced starting with Windows Vista.

Only an Administrator-level user who has elected to invoke elevated access rights (via UAC) has write permission to the Program Files directory, so you might decide to keep the data in the Program Files directory and just require that the user be an Admin and click through (or disable!) UAC. This will have consequences and side effects, one of which you have already experienced with drag and drop. An application running with elevated rights is protected from applications with lower rights that might try to send it malicious data (such as simulating a drag and drop). Other types of communication between processes running without elevated rights and your application might also be blocked or curtailed.
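
The advice given by pbart, timhare and charonn0, as an added REALbasic example (not code from any poster in this thread): keep the installed copy under Program Files read-only, and open the database from the per-user Application Data folder, seeding it on first run. OpenUserDatabase is a hypothetical helper name; "My New App", "Data" and "mydatafile.db" are the names used in the thread, and the use of REALSQLDatabase is an assumption about the database class in use.

```realbasic
' Added example, not code from the thread.
' OpenUserDatabase is a hypothetical helper; folder and file names are the thread's.
Function OpenUserDatabase() As REALSQLDatabase
  ' Per-user, writable location: <user profile>\...\Application Data\My New App\
  Dim dataDir As FolderItem = SpecialFolder.ApplicationData.Child("My New App")
  If Not dataDir.Exists Then dataDir.CreateAsFolder
  If (Not dataDir.Exists) Or (Not dataDir.Directory) Then Return Nil

  Dim dbFile As FolderItem = dataDir.Child("mydatafile.db")

  If Not dbFile.Exists Then
    ' First run for this user: copy the seed database that the installer
    ' placed in the Data folder next to the executable. That copy lives
    ' under Program Files and is only ever read, never written.
    Dim seedDir As FolderItem = App.ExecutableFile.Parent.Child("Data")
    Dim seed As FolderItem
    If seedDir <> Nil And seedDir.Exists Then seed = seedDir.Child("mydatafile.db")
    If seed <> Nil And seed.Exists Then
      seed.CopyFileTo(dbFile)
      If seed.LastErrorCode <> 0 Then Return Nil
    End If
  End If

  Dim db As New REALSQLDatabase
  db.DatabaseFile = dbFile
  If dbFile.Exists Then
    ' Opens read/write without elevation, so the app stays at normal
    ' integrity and drag and drop from Explorer keeps working.
    If Not db.Connect Then Return Nil
  Else
    ' No seed was shipped: create an empty database in the user's folder.
    If Not db.CreateDatabaseFile Then Return Nil
  End If
  Return db
End Function
```

For data shared between all users of the machine, SpecialFolder.SharedApplicationData takes the place of SpecialFolder.ApplicationData, as charonn0 notes.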

All times are UTC - 5 hours