Real Software Forums

The forum for Real Studio and other Real Software products.
All times are UTC - 5 hours

 Post subject: Security issue writing BACK to database file on Window 7 onl
Posted: Fri Jan 14, 2011 10:54 pm

Joined: Fri May 07, 2010 9:40 pm
Posts: 37
Hi all,

I've been developing my app on Windows XP and tested it on various other Windows XP machines and all is working properly; however, I just installed it on a mate's Windows 7 machine and some strange things occurred.

1) When I run the app it cannot write any data to the database file; it says it is READ ONLY. The DropObject of a folder is active and goes through the process but of course can't add the data.

2) I then run the app again AS ADMINISTRATOR (Windows 7 option), it gives full access to the database file, writing data back ok, except now the DropObject does not work, you attempt to drag and drop the folder on the listbox, and usually it turns into a rectangle with the cursor arrow, but it does allow it.

Has anyone come across this, or is my mate's PC possessed by the devil? I have another mate with Windows 7, so I will check it out on his PC this week.

Cheers


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Sat Jan 15, 2011 4:14 am

Joined: Wed Nov 15, 2006 3:50 pm
Posts: 2353
Location: England
Do you have the database file in APPLICATIONDATA (The right place), or local to the app?


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Sun Jan 16, 2011 12:54 am

Joined: Sat Oct 10, 2009 6:40 am
Posts: 332
When you are developing for Windows, get into the habit of storing any user data in the USER/APPLICATIONDATA folder.

Windows XP would give you access to all sorts of places that you shouldn't be playing with (unless you know what you are doing). When Vista came along this was rectified.

Now you can almost consider Vista and 7 to be like Linux. You need to be logged in with an admin account if you are modifying files in c:/program files, and even then, if UAC has not been modified, you will still need to run the app as administrator.

_________________
Regards
Paul
Windows 7 32bit
RB 2010 4.1


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Thu Jan 20, 2011 5:23 pm

Joined: Wed Jun 28, 2006 8:41 pm
Posts: 136
Location: Colorado, USA
Or you can write a small app that executes the desired commands invoking UAC. I had to write data to the registry for an app I wrote and as pbart said XP let me write anywhere if I was launching the app as an admin, but thanks to UAC in Vista and 7 I had to write the app to handle the UAC crap for me. Let me try to explain what I did.

When I execute a command that UAC blocks, I check the OS version. If it is XP I execute it like I normally would. If it is Windows Vista or Windows 7, I call a method that has the following code in it (that calls a small app to make the changes):

' Soft Declares are resolved at run time, so both entry points can be declared safely
Soft Declare Function ShellExecuteExW Lib "Shell32" ( info as Ptr ) as Boolean
Soft Declare Function ShellExecuteExA Lib "Shell32" ( info as Ptr ) as Boolean

' SHELLEXECUTEINFO is 15 four-byte fields (60 bytes) on 32-bit Windows
dim info as new MemoryBlock( 15 * 4 )
dim verb as new MemoryBlock( 32 )
dim file as new MemoryBlock( 260 * 2 )

info.Long( 0 ) = info.Size ' cbSize
'info.Long( 8 ) = self.Handle ' hwnd (optional owner window)
if System.IsFunctionAvailable( "ShellExecuteExW", "Shell32" ) then
  ' The "runas" verb is what triggers the UAC elevation prompt
  verb.WString( 0 ) = "runas"
  file.WString( 0 ) = "c:\path\to\my executable\app.exe" 'this exe is the helper app and should do nothing more than execute the code UAC is trying to block
else
  verb.CString( 0 ) = "runas"
  file.CString( 0 ) = "c:\path\to\my executable\app.exe"
end if
info.Ptr( 12 ) = verb ' lpVerb
info.Ptr( 16 ) = file ' lpFile

Const SW_SHOWNORMAL = 1
info.Long( 28 ) = SW_SHOWNORMAL ' nShow

' ret is False if the launch fails, including when the user declines the UAC prompt
dim ret as Boolean
if System.IsFunctionAvailable( "ShellExecuteExW", "Shell32" ) then
  ret = ShellExecuteExW( info )
else
  ret = ShellExecuteExA( info )
end if


The above method executes the 'helper' app with elevated permissions (gives you the UAC popup asking if it's OK to run).

In my case, this was for adding a special registry key for locking down some features in IE, so all my helper app did was add the key and exit. I am happy to go into more detail with you, so let me know if you need more assistance.

D


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Thu Jan 20, 2011 6:54 pm

Joined: Wed May 20, 2009 4:43 pm
Posts: 958
This same thing happened to me once. If it's any help, here's the thread I posted:
http://forums.realsoftware.com/viewtopic.php?f=3&t=35936

I also started this thread after it appeared to me that it may have been a file permissions issue, and not a database issue:
http://forums.realsoftware.com/viewtopic.php?f=6&t=36350&start=0

_________________
RB 2009r4 Windows XP


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Fri Jan 21, 2011 12:47 am

Joined: Wed Jun 28, 2006 8:41 pm
Posts: 136
Location: Colorado, USA
It is most likely UAC, and not a true issue at all (meaning nothing is wrong with files, permissions or your code necessarily). It may appear to be an issue, but it is protecting certain directories and parts of the OS. Using the code above WILL work IF you are having this problem because of UAC (User Access Control) which was NOT part of XP but was introduced in Vista and is in 7 as well.


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Mon Jan 24, 2011 4:27 am

Joined: Fri May 07, 2010 9:40 pm
Posts: 37
Thank you all for your posts.

The data is in the correct directory, it's the permissions on the file/folder causing the problem.

I went to another friend's house who has Windows 7, and what do you know, install all ok, works like a charm. How it should!

The other guy likes to tinker with his machine, and god knows what permissions he has set up here and there.

Cheers


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Mon Jan 24, 2011 8:10 pm

Joined: Wed Jun 28, 2006 8:41 pm
Posts: 136
Location: Colorado, USA
jasmatuphcreations wrote:
Thank you all for your posts.

The data is in the correct directory, it's the permissions on the file/folder causing the problem.

I went to another friend's house who has Windows 7, and what do you know, install all ok, works like a charm. How it should!

The other guy likes to tinker with his machine, and god knows what permissions he has set up here and there.

Cheers


You can turn off UAC if you want to, and it is possible that he has. I know I have it disabled on my work machine. Feel free to ping me if you need anything else regarding this - I know I had a pain in the arse time getting it worked out when I first ran into it.

Cheers!


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Sun Feb 06, 2011 8:42 pm

Joined: Fri May 07, 2010 9:40 pm
Posts: 37
dtrotter wrote:
jasmatuphcreations wrote:
Thank you all for your posts.

The data is in the correct directory, it's the permissions on the file/folder causing the problem.

I went to another friend's house who has Windows 7, and what do you know, install all ok, works like a charm. How it should!

The other guy likes to tinker with his machine, and god knows what permissions he has set up here and there.

Cheers


You can turn off UAC if you want to, and it is possible that he has. I know I have it disabled on my work machine. Feel free to ping me if you need anything else regarding this - I know I had a pain in the arse time getting it worked out when I first ran into it.

Cheers!


Please e-mail me, see profile. I installed it on another friend's machine and had the same problem with it making the db file read only! What is this with Windows 7 and security, they have gone crazy!


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Sun Feb 06, 2011 10:44 pm

Joined: Fri Jan 06, 2006 3:21 pm
Posts: 12388
Location: Portland, OR USA
You just need to play by the new rules. If UAC is getting in your way, then you have not installed the db in the correct place. Where did you put the db file?


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Sun Feb 06, 2011 11:02 pm

Joined: Sat Oct 10, 2009 6:40 am
Posts: 332
As I said in a previous post:

When you are developing for Windows, get into the habit of storing any user data in the USER/APPLICATIONDATA folder.

It is possible to change folder permissions using an installer (i.e. Inno Setup), but I would avoid that.

UAC is there to provide security and to stop people from breaking the operating system. As Tim said, you need to play by the new rules.

_________________
Regards
Paul
Windows 7 32bit
RB 2010 4.1


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Mon Feb 07, 2011 12:55 am

Joined: Fri May 07, 2010 9:40 pm
Posts: 37
timhare wrote:
You just need to play by the new rules. If UAC is getting in your way, then you have not installed the db in the correct place. Where did you put the db file?


Installed, from memory, to:

C:\Windows (x86)\Program Files\My New App\

My file was saved to:

C:\Windows (x86)\Program Files\My New App\Data\mydatafile.db

As the logic in the app looks for the child DATA in the installed folder, by default my installer tries for C:\Program Files\My New App\

Are you suggesting testing for Windows 7 and installing in a different preferred directory? C:\..User\ApplicationData\MyNewApp\

Cheers.


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Mon Feb 07, 2011 1:09 am

Joined: Fri Jan 06, 2006 3:21 pm
Posts: 12388
Location: Portland, OR USA
Your app does not have write access to Program Files. As pbart said, you should put any files that are writable in Application Data.


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Mon Feb 07, 2011 1:10 am

Joined: Fri Jan 06, 2006 3:21 pm
Posts: 12388
Location: Portland, OR USA
Actually, you shouldn't write to Program Files on any version of Windows. It's bad form. Application Data is there for a reason.


 Post subject: Re: Security issue writing BACK to database file on Window 7
Posted: Mon Feb 07, 2011 7:12 am

Joined: Mon Apr 02, 2007 2:08 am
Posts: 1225
Location: San Francisco, CA, USA
As has been stated, programs should never store their data in the Program Files directory but rather in the user's Application Data directory (SpecialFolder.ApplicationData) or if the data needs to be available to all users then in the All User's Application Data directory (SpecialFolder.SharedApplicationData.) This rule has been in effect since at least Windows NT 4 but has only been actively enforced starting with Windows Vista.

Only an Administrator-level user who has elected to invoke elevated access rights (via UAC) has write permission to the Program Files directory, so you might decide to keep the data in the Program Files directory and just require that the user be an Admin and click through (or disable!) UAC. This will have consequences and side effects, one of which you have already experienced with drag and drop. An application running with elevated rights is protected from applications with lower rights who might try to send it malicious data (such as simulating a drag and drop.) Other types of communication between processes running without elevated rights and your application might also be blocked or curtailed.

_________________
Boredom Software
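
The storage rule this thread arrives at, as an added example in REALbasic that is not code from any poster: it resolves the per-user Application Data folder, seeds the database there on first run from the read-only copy shipped beside the executable, and opens it without needing elevation. The folder name, the file name and the Data subfolder layout are assumptions based on the paths mentioned earlier in the thread.

```realbasic
' Added example, not from the thread. Assumed (hypothetical) names:
' "My New App" data folder, "mydatafile.db", and a seed copy in a
' "Data" folder next to the executable under Program Files.
Function OpenUserDatabase() As REALSQLDatabase
  Const kAppFolder = "My New App"
  Const kDBName = "mydatafile.db"

  ' Per-user location that a standard (non-elevated) user can write to.
  Dim base As FolderItem = SpecialFolder.ApplicationData
  If base = Nil Then Return Nil

  Dim dataDir As FolderItem = base.Child(kAppFolder)
  If dataDir = Nil Then Return Nil
  If Not dataDir.Exists Then dataDir.CreateAsFolder
  If (Not dataDir.Exists) Or (Not dataDir.Directory) Then Return Nil

  Dim dbFile As FolderItem = dataDir.Child(kDBName)
  If dbFile = Nil Then Return Nil

  If Not dbFile.Exists Then
    ' First run for this user: copy the shipped database out of the
    ' install folder. Program Files is only read here, never written.
    Dim seedDir As FolderItem = App.ExecutableFile.Parent.Child("Data")
    If seedDir <> Nil And seedDir.Exists Then
      Dim seed As FolderItem = seedDir.Child(kDBName)
      If seed <> Nil And seed.Exists Then seed.CopyFileTo(dbFile)
    End If
  End If

  Dim db As New REALSQLDatabase
  db.DatabaseFile = dbFile
  If dbFile.Exists Then
    If Not db.Connect Then Return Nil
  Else
    ' No seed was shipped: start with an empty database instead.
    If Not db.CreateDatabaseFile Then Return Nil
  End If
  Return db
End Function
```

Because the application never writes under Program Files, it can run without "Run as administrator", which also avoids the drag-and-drop blocking described above for elevated processes.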

