access-control

In MATLAB, can a class method act as a uicontrol callback without being public?

In MATLAB 2008a, is there a way to allow a class method to act as a uicontrol callback function without having to make the method public? Conceptually, the method should not be public because it should never be called by a user of the class. It should only be called as a result of a UI event triggering a callback. However, if I set th...

Role Based Access Control

Are there any open source PHP-based role-based access control system that can be used for a codeigniter framework? ...

Custom role based Web Service access

Our CMS implements its own role based access control for content management and what not, much like all the other CMSs out there ;) I've recently been playing around with the idea of trying to implement an extension of this access control into our web service api, with the eventual idea of choosing which users have access to what method...

Best Role-Based Access Control (RBAC) database model

What is the best database schema to track role-based access controls for a web application? I am using Rails, but the RBAC plugin linked by Google looks unmaintained (only 300 commits to SVN; latest was almost a year ago). The concept is simple enough to implement from scratch, yet complex and important enough that it's worth getting r...

How can I do access control via an SQL table?

I'm trying to create an access control system. Here's a stripped down example of what the table I'm trying to control access to looks like: things table: id group_id name 1 1 thing 1 2 1 thing 2 3 1 thing 3 4 1 thing 4 5 2 thing 5 And the access control table looks like...

PHP Access Control System

Hi. I am part of a team creating a web application using PHP and MySQL. The application will have multiple users with different roles. The application will also be used in a geographically distributed manner. Accordingly we need to create an access control system that operates at the following two levels: Controls user permissions fo...

Enabling controls at moment of opening a form in Access

I have a form whose controls I want to enable/disable depending on the values in a ComboBox control. This ComboBox control is linked, like all the other controls in the form, to a table. Inside the ComboBox's Change event, I placed the code that enables/disables the other controls. The problem I have is that when I open the form, the ...

How to correctly open a FileStream for usage with an XDocument

I want to append some nodes to an xml document using Linq2XML. The file in question is being used by other processes and they should be able to read the file while I update it. So I came up with this solution, which obviously isn't the correct way (The method doc.Save() fails and says that another process is using the file): using (File...

Security and Access control in a MVC application

I have only recently started working with the MVC approach, so I suppose this is an easy one for you gurus here: Where do I put access control? In a view? I don't want to have any logic besides switches and flags in my templates, so that sounds like the least viable option In the model? Should each business object decide what data it ...

Browser application & local file system access

I want to enhance my browser-based web application with functionality that enables management of local files and folders. E.g. folder tree structures should be synchronized between local workstation and server via HTTP(S). I am aware of security-related limitations in browser-based applications. However, there are some techniques that "...

Securing Windows Service Applications

Is there any way to restrict users with administrative privileges from managing specific Windows service based applications? I would like to restrict administrators from stopping or re-starting my service very similar to the Windows event log service. What are some of the more popular approaches or recommended approaches to securing serv...

Rails User Access Plugins

There are a lot of rails plugins out there that handle user permissions. I'm impressed with the implementation in the hobo gem, but I'm not sure if I can use just this feature and not the other parts. GateKeeper is a really clever implementation, but has some bugs, though it's small enough I could probably fix it myself. Restful_ACL g...

How do I interact with a kerberos server from my own application

My network has a kerberos server for username/password authentication. Machines that run my application have functioning kerberos clients, so users can use kinit, etc. How do I interact with the server programatically, from my own custom applications? The preferred language for an example is C. I want users of my application to authen...

Setting database and access control permissions

Hi. I am part of a team creating a web application using PHP and MySQL. The application will have multiple users with different roles. The application will also be used in a geographically distributed manner. Accordingly we need to create an access control system that controls user permissions for specific database records i.e. modifi...

ACL for a network device

Hi, I need to implement ACL based authentication mechanism for a device. This device can be accessed through various interfaces like web pages, TL1 (basically through some command prompt) etc. I need to keep ACL logic centralized so that request from any interface can be authenticated. ACL logic would basically check whether the logg...

Password protection for ASP.NET web pages?

I am trying to implement the simplest shared 'files' folder for a website but wish to have a 'reasonable' level of access control - i.e no casual multimegabyte uploads from passing hoi-polloi. Users are given a password etc. They then log-in, once credentials are successfully checked, they are given one of two possible access rights - r...

How should I be implementing my ACL in a web application?

I've been thinking about the web app I'm about to begin developing and wondering whether my usual approach could be improved. In my last few apps I've created a table (see below) of roles (such as CREATE POST, EDIT POST etc.) which each have a bitfield applied to them so I can simply assign a user certain rights in registration and chec...

Accessing DCOM Security with System.Security.AccessControl possible?

I know that the DCOM topic has been discussed a couple of times already. However, I am not satisfied with the solutions that are available (yet). This is why I start a new question here. Every knows by now that The Access Control Lists (ACL) that store information about which users may do what with applications are stored in the registr...

Enable/disable hardware w/o Admin rights on Vista?

Hi, I've been asked to provide a program/script/whatever that enables or disables the CD/DVD drive USB ports Floppy (!) drive devices without requiring admin rights, that is, that can be run by a 'normal' user. Ideally, something like a command line utility: C:> foobar cdrom /disable Any pointers, hints or clues gratefully accepte...

What is best practice for 'private' public URLs?

What is considered best practice to generate a URL that is publicly accessible, but shared via a side channel, so that it is in practice private to the group sharing it? Something like: http://example.com/club/XX-XX-XX-XX http://example.com/club/YY-YY-YY-YY Where XX-XX-XX-XX shared among one group, and YY-YY-YY-YY is shared by another...