# Real Software Forums

The forum for Real Studio and other Real Software products.
[ REAL Software Website | Board Index ]
 It is currently Fri Aug 14, 2020 5:29 pm

 All times are UTC - 5 hours

 Page 1 of 1 [ 15 posts ]
 Print view Previous topic | Next topic
Author Message
 Post subject: Security issue writing BACK to database file on Window 7 onlPosted: Fri Jan 14, 2011 10:54 pm

Joined: Fri May 07, 2010 9:40 pm
Posts: 37
Hi all,

I've been developing my app on Windows XP and tested on various other Window XP machines and all working properly, however I just installed it on a mate WIndows 7 machine and some strange things occured.

1) When I run the app it can not write any data to the database file, says it is READ ONLY. The DropObject of a folder is active and goes through the process but ofcourse can't add the data.

2) I then run the app again AS ADMINISTRATOR (Windows 7 option), it gives full access to the database file, writing data back ok, except now the DropObject does not work, you attempt to drag and drop the folder on the listbox, and usually it turns into a rectangle with the cursor arrow, but it does allow it.

Has anyone come across this, or my mates PC possesed by the devil, I have another mate with windows 7 so I will check it out on his pc this week.

Cheers

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Sat Jan 15, 2011 4:14 am

Joined: Wed Nov 15, 2006 3:50 pm
Posts: 2353
Location: England
Do you have the database file in APPLICATIONDATA (The right place), or local to the app?

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Sun Jan 16, 2011 12:54 am

Joined: Sat Oct 10, 2009 6:40 am
Posts: 332
When you are developing for windows, get into the habit of storing any user data in the USER/APPLICATIONDATA folder.

Windows XP would give you access to all sorts of places that you shouldn't be playing with (unless you know what you are doing ), when Vista came along this was rectified.

Now you can almost consider Vista and 7 to be like Linux. You need to be logged in with an admin account if you are modifying files in c:/program files, and even then, if UAC has not been modified, you will still need to run the app as administrator.

_________________
Regards
Paul
Windows 7 32bit
RB 2010 4.1

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Thu Jan 20, 2011 5:23 pm

Joined: Wed Jun 28, 2006 8:41 pm
Posts: 136
Or you can write a small app that executes the desired commands invoking UAC. I had to write data to the registry for an app I wrote and as pbart said XP let me write anywhere if I was launching the app as an admin, but thanks to UAC in Vista and 7 I had to write the app to handle the UAC crap for me. Let me try to explain what I did.

When I execute a command that UAC blocks, I check the OS version. If it is XP I execute it like I normally would. If it is Windows Vista or Windows 7, I call a method that has the following code in it (that calls a small app to make the changes):

Soft Declare Function ShellExecuteExW Lib "Shell32" ( info as Ptr ) as BooleanSoft Declare Function ShellExecuteExA Lib "Shell32" ( info as Ptr ) as Booleandim info as new MemoryBlock( 15 * 4 )dim verb as new MemoryBlock( 32 )dim file as new MemoryBlock( 260 * 2 )info.Long( 0 ) = info.Size'info.Long( 8 ) = self.Handleif System.IsFunctionAvailable( "ShellExecuteExW", "Shell32" ) then  verb.WString( 0 ) = "runas"  file.WString( 0 ) = "c:\path\to\my executable\app.exe" 'this exe is the helper app and should do nothing more than execute the code UAC is trying to blockelse  verb.CString( 0 ) = "runas"  file.CString( 0 ) = "c:\path\to\my executable\app.exe"end ifinfo.Ptr( 12 ) = verbinfo.Ptr( 16 ) = fileConst SW_SHOWNORMAL = 1info.Long( 28 ) = SW_SHOWNORMALdim ret as Booleanif System.IsFunctionAvailable( "ShellExecuteExW", "Shell32" ) then  ret = ShellExecuteExW( info )else  ret = ShellExecuteExA( info )end if

The above method executes the 'helper' app with elevated permissions (gives you the UAC popup asking if its ok to run).

In my case, this was for adding a special registry key for locking down some features in IE, so all my helper app did was add the key and exit. I am happy to go into more detail with you, so let me know if you need more assistance.

D

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Thu Jan 20, 2011 6:54 pm

Joined: Wed May 20, 2009 4:43 pm
Posts: 958
This same thing happened to me once. If it's any help, here's the thread I posted:
http://forums.realsoftware.com/viewtopic.php?f=3&t=35936

I also started this thread after it appeared to me that it may have been a file permissions issue, and not a database issue:
http://forums.realsoftware.com/viewtopic.php?f=6&t=36350&start=0

_________________
RB 2009r4 Windows XP

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Fri Jan 21, 2011 12:47 am

Joined: Wed Jun 28, 2006 8:41 pm
Posts: 136
It is most likely UAC, and not an true issue at all(meaning nothing is wrong with files, permissions or your code necessarily). It may appear to bean issue, but is protecting certain directories and parts of the OS. Using the code above WILL work IF you are having this problem because of UAC (User Access Control) which was NOT part of XP but was introduced in Vista and is in 7 as well.

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Mon Jan 24, 2011 4:27 am

Joined: Fri May 07, 2010 9:40 pm
Posts: 37

The data is in the correct directory, it's the permissions on the file/folder cuasing the problem.

I went to another friends house who has Windows 7, and what do you know install all ok, works like a charm. How it should!

The other guy likes to tinker with his machine, and god knows what permissions he has set up here and there.

Cheers

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Mon Jan 24, 2011 8:10 pm

Joined: Wed Jun 28, 2006 8:41 pm
Posts: 136
jasmatuphcreations wrote:

The data is in the correct directory, it's the permissions on the file/folder cuasing the problem.

I went to another friends house who has Windows 7, and what do you know install all ok, works like a charm. How it should!

The other guy likes to tinker with his machine, and god knows what permissions he has set up here and there.

Cheers

You can turn off UAC if you want to, and it is possible that he has. I know I have it disabled on my work machine. Feel free to ping me if you need anything else regarding this - I know I had a pain in the arse time getting it worked out when I first wan into.

Cheers!

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Sun Feb 06, 2011 8:42 pm

Joined: Fri May 07, 2010 9:40 pm
Posts: 37
dtrotter wrote:
jasmatuphcreations wrote:

The data is in the correct directory, it's the permissions on the file/folder cuasing the problem.

I went to another friends house who has Windows 7, and what do you know install all ok, works like a charm. How it should!

The other guy likes to tinker with his machine, and god knows what permissions he has set up here and there.

Cheers

You can turn off UAC if you want to, and it is possible that he has. I know I have it disabled on my work machine. Feel free to ping me if you need anything else regarding this - I know I had a pain in the arse time getting it worked out when I first wan into.

Cheers!

Please E-mail me, see profile. As I installed it on another friends machine and same problem with it makeing the db file read only!What is this with windows 7 and security, they have gone crazy!

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Sun Feb 06, 2011 10:44 pm

Joined: Fri Jan 06, 2006 3:21 pm
Posts: 12388
Location: Portland, OR USA
You just need to play by the new rules. If UAC is getting in your way, then you have not installed the db in the correct place. Where did you put the db file?

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Sun Feb 06, 2011 11:02 pm

Joined: Sat Oct 10, 2009 6:40 am
Posts: 332
As I said in a previous post

When you are developing for windows, get into the habit of storing any user data in the USER/APPLICATIONDATA folder

It is possible to change folder permissions using an installer (i.e. Inno Setup), but I would avoid that.

UAC is there to provide security and to stop people from breaking the opperating system, as Tim said, you need to play by the new rules.

_________________
Regards
Paul
Windows 7 32bit
RB 2010 4.1

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Mon Feb 07, 2011 12:55 am

Joined: Fri May 07, 2010 9:40 pm
Posts: 37
timhare wrote:
You just need to play by the new rules. If UAC is getting in your way, then you have not installed the db in the correct place. Where did you put the db file?

Installed from memory to :

C:\Windows (x86)\Program Files\My New App\

My file was saved to ;

C:\Windows (x86)\Program Files\My New App\Data\mydatafile.db

As the logic in the app looks for the child DATA in the installed folder, by default my installed tries for C:\Program Files\My New App\

Are you suggesting testing for Windows 7 and installing in a different preferred directory? C:\..User\ApplicationData\MyNewApp\

Cheers.

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Mon Feb 07, 2011 1:09 am

Joined: Fri Jan 06, 2006 3:21 pm
Posts: 12388
Location: Portland, OR USA
Your app does not have write access to Program Files. As pbart said, you should put any files that are writable in Application Data.

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Mon Feb 07, 2011 1:10 am

Joined: Fri Jan 06, 2006 3:21 pm
Posts: 12388
Location: Portland, OR USA
Actually, you shouldn't write to Program Files on any version of Windows. It's bad form. Application Data is there for a reason.

Top

 Post subject: Re: Security issue writing BACK to database file on Window 7Posted: Mon Feb 07, 2011 7:12 am

Joined: Mon Apr 02, 2007 2:08 am
Posts: 1225
Location: San Francisco, CA, USA
As has been stated, programs should never store their data in the Program Files directory but rather in the user's Application Data directory (SpecialFolder.ApplicationData) or if the data needs to be available to all users then in the All User's Application Data directory (SpecialFolder.SharedApplicationData.) This rule has been in effect since at least Windows NT 4 but has only been actively enforced starting with Windows Vista.

Only an Administrator-level user who has elected to invoke elevated access rights (via UAC) has write permission to the Program Files directory, so you might decide to keep the data in the Program Files directory and just require that the user be an Admin and click through (or disable!) UAC. This will have consequences and side effects, one of which you have already experienced with drag and drop. An application running with elevated rights is protected from applications with lower rights who might try to send it malicious data (such as simulating a drag and drop.) Other types of communication between processes running without elevated rights and you application might also be blocked or curtailed.

_________________
Boredom Software

Top

 Display posts from previous: All posts1 day7 days2 weeks1 month3 months6 months1 year Sort by AuthorPost timeSubject AscendingDescending
 Page 1 of 1 [ 15 posts ]

 All times are UTC - 5 hours

 You cannot post new topics in this forumYou cannot reply to topics in this forumYou cannot edit your posts in this forumYou cannot delete your posts in this forum

Search for:
 Jump to:  Select a forum ------------------ General    General    Getting Started    Networking    Databases    Visual Basic to REAL Studio Conversion    Games    Plugins    Tips    Web Control SDK Platform Specific    Windows    Macintosh    Linux    Web Other Topics    Announcements    Off-Topic    Third Party Add-ons