Hi, we're developing a web app to cover all aspects of a printing company from finances, to payroll, to job costing. Its important to be able to control who can access what parts of these applications. Don't want a line employee giving himself a raise, etc... I've heard of the concept of ACL & ACO, but haven't found a good example tha...
I'm struggling to implement ACL in CakePHP. After reading the documentation in the cake manual as well as several other tutorials, blog posts etc, I found Aran Johnson's excellent tutorial which has helped fill in many of the gaps. His examples seem to conflict with others I've seen though in a few places - specifically in the ARO tree...
My app is installed via NSIS. I want the installer to install the program for all users. I can do this, by installing to the 'program files' directory. There is a database file (firebird), that all user accounts on the system should share. If I store this database file in the 'program files' directory it will be read only. If I st...
I just wanted to compare different solutions used when implementing ACLs in Rails. ...
Hi All, I need to perform a SNMP Set operation in a printer in the network which as an Access Control List configured (ACL) and my host's IP Address is not in the ACL table. I'm getting a strange behavior: When I have a SNMPv1 Set community name configured, I am ONLY able to perform a SNMP Set if my host ip is in the ACL table. If there...
I've a windows service that updates our product. It copies the product files into a temp directory, usually "C:\Windows\Temp", patches the binaries, and then uses MoveFileEx to copy the files back to the install directory on a reboot, usually "C:\Program Files\Product". The files in the install directory are inheriting their security att...
I'm copying a file from folder A to folder B and then trying to copy the file permisions. Here are the basic steps I'm using: CopyFile(source, target) GetNamedSecurityInfo(source, GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION) Print source SD using ConvertSecurityDescriptorToStringSecurityDescriptor SetNamedSecurityInfo(target...
Hi, If a company often requires users to be created in a partner's active directory, and vice versa, does it make sense to set up a federated / trusted relationship between the AD instances? If so, what should be considered? Does the ACL for users in the partner AD still work the same way? What security risks does this expose? Thanks! ...
I've got some code that basically does: GetNamedSecurityInfoW (<some file>,dacl only) build a new ACL with the info from #1 and an additional ACE to allow local Administrators full control SetNamedSecurityInfoW (<the same file>,the new dacl) The dacl from #1 contains 4 ACEs: grant: mask(0x001F01FF), flags(0x00000010): S-1-5-18 (NT A...
Hello everybody, I am thinking hard about how to play with access rights on several platforms. Now I am reaching Microsoft Windows and permissions on NTFS files/directories. I must say that I am working in C language. My question is pretty general. I have a username and a file path. Do I need more information to check if the user has ...
There are a lot of rails plugins out there that handle user permissions. I'm impressed with the implementation in the hobo gem, but I'm not sure if I can use just this feature and not the other parts. GateKeeper is a really clever implementation, but has some bugs, though it's small enough I could probably fix it myself. Restful_ACL g...
How do you make the authentication for a browser-based application dependent on the client machine? Say the admin can login only from this machine. Assumptions: There is complete control over the network and all machines (client and server) involved. I am looking for an apache/linux solution. ...
In reference to my other question, I'm looking for a good php-based ACL class that I can integrate into ExpressionEngine to get better support for member access control. So far I'm looking at the Zend Framework ACL class. Is anyone using anything else they recommend? Thanks! ...
If I am to follow What should a developer know before building a public web site? on authentication, then what options do I have ? I have never used PEAR, and I'm not about to start. I have read about phpGALC but have yet to try it. After the authentication do rights/access level kick in. I'm not a big fan of using a single tinyint val...
Hi, I need to implement ACL based authentication mechanism for a device. This device can be accessed through various interfaces like web pages, TL1 (basically through some command prompt) etc. I need to keep ACL logic centralized so that request from any interface can be authenticated. ACL logic would basically check whether the logg...
Running as an elevated admin on Vista SP1, my C# app tries to set the following rule with the following code. No error is produced, but neither is any change on the directory's ACL. What am I missing? public static void Main( string args[] ) { string dirPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonAp...
I'm going to implement an Access Control List for each individual user so they can assign access to their own resources so they can hide stuff, for example, from their mothers, but show their friends. Now storing ACL in a database seems like it can get pretty insane when each user is also a group, which can have many sub groups. So I'm ...
hello, I am currently working on a site that requires use of ACL and seen as I am using Zend it makes sense for my make use of there ACL class but I have little to zero idea of how to do this, I have read the docs but this has confused me further...basically all I want do is set up two user groups e.g. normal and admin, normal users ca...
I've been thinking about the web app I'm about to begin developing and wondering whether my usual approach could be improved. In my last few apps I've created a table (see below) of roles (such as CREATE POST, EDIT POST etc.) which each have a bitfield applied to them so I can simply assign a user certain rights in registration and chec...
Hello, We have a the following structure for our application require_once "Zend/Loader.php"; Zend_Loader::registerAutoload(); $acl = new Zend_Acl(); // application $acl->add(new Zend_Acl_Resource('application1')); // groups $acl->add(new Zend_Acl_Resource('group1'), 'application1'); $acl->add(new Zend_Acl_Resource('group2'), 'applicat...