I have a minimum-trust AppDomain that is calling (across a remoting boundary) methods in a full trust assembly in a full trust AppDomain. However I am getting lots of security exceptions when making these method calls. It would appear that the minimum-trust 'sandbox' is propagating up the stack its minimal security privileges onto the f...
I've been working on making my app easier to use for administrators. One of the things I'd really like to do is allow admins to modify other user's settings from within the program -- while still making it possible for regular ol' users to modify their own settings, as my application isn't necessarily only for administrators who want to ...
I'm trying to enable and disable certain access privileges on a file. I figured out that to do this, you have to mess with DACLs. I'm using the following code to modify the file's DACL: void set_DACL_for_object(const char *object, SE_OBJECT_TYPE object_type, int access_perms, int access_mode) { PACL pDA...
Hi All I'm getting a rather frustrating error from Business Intelligence Development Studio (Visual Studio 2008). I have a report that contains 4 sub-reports, these sub-reports may or may not contain data, and as such their HIDDEN property is controlled by an expression: =IIF(ReportItems![SOME TEXT BOX].Value = 0, TRUE, FALSE) The co...
I need to allow a consultant to connect to SSIS on a SQL Server 2008 box without making him a local administrator. If I add him to the local administrators group, he can connect to SSIS just fine, but it seems that I can't grant him enough permissions through SQL Server to give him these rights without being a local admin. I've added hi...
Hi. I moved from a shared hosting to a VPS a few weeks ago and I'm having these annoying permission issues with WordPress. You know you can download and upgrade plugins (and wordpress itself) from the admin panel, but since I moved it started asking me my FTP credentials, which is kinda slow when I have to update ~20 plugins. I think th...
Does anyone know a simple way to grant extended permissions from a canvas page that is rendered as an Iframe in facebook? I have tried facebook connect and that does not seem to work so now I am trying XFBML but for some reason when I use the prompt-permission attribute it does not open dialogs for the extended permissions that I am re...
The site I am working with has a somewhat convoluted way with dealing with users and permissions. These are the user types: User Facility Approver Facility Admin Corporate Approver Corporate Admin Now there are also facilities, and that is where these permission levels come into play. Facilities are linked to users and user levels ...
We have a 3rd-party app that wants to call a stored proc using SQL 2005-style "schema" syntax: Customer.InsertNewOrder This db is still on SQL 2000, though, so we're trying to make it "look" like a SQL 2005 schema, and still work right (with minimum necessary permissions). So we: Created a user called "Customer" Created the stored p...
Many of my employers applications share a similar internal permission structure for restricting data to a specific set of users or groups. Groups can also be nested. The problem we're currently facing with this approach is that enumerating the permissions is incredibly slow. The current method uses a stored procedure with many cursors a...
I'm having a really strange and frustrating issue. On one page, an existing and often used one, I have this query: SELECT COUNT(*) AS count FROM uvusers WHERE vdate IS NULL It works exactly as expected and always has. On a new page I'm working on, I have this query: SELECT COUNT(*) AS count FROM uvusers WHERE vdate IS NULL This gen...
I have a SQL Server Reporting Services site that I can get to by https://localserver/reports Now when for setting permissions on each folder and report item or datasource item in that folder I have to click on the "properties" then "security" of the item, and then assign the appropriate permissions. It's just that there are hundreds of i...
When an application saves a file, a typical model is to save the file to a temporary location, then move the temporary file to the final location. In some cases that "move" becomes "replace". In pseudo code: Save temp file; if final file exists delete final file; move temp file to final filename; There's a window in there where ...
Hello everyone, I am using Windows Vista and I find something strange, I programatically invoke IE to open IE to access some local html page, the current user belongs to administrator group; I programatically invoke IE with RunAs parameter, and let IE to access access some local html page, the current user belongs to administrator g...
I'm attempting to use powershell to access a remote registry like so: $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine", $server) $key = $reg.OpenSubkey($subkeyPath) Depending on some factors that I'm not yet able to determine I either get Exception calling "OpenSubKey" with "1" argument(s): "Requested registr...
Users will be remotely accessing ***nix based machines via SSH and I need to determine the fastest way to check if the username that they are currently using has NOPASSWD access in the /etc/sudoers file. Possible options: grep for the username in /etc/sudoers, parse command prompt output to determine if it has NOPASSWD, if not, remove...
The server hosting csharpindepth.com has recently been migrated. Most of it is working fine, but I can't get at the database used to hold errata, notes etc. Relevant details: 32 bit Windows Server 2003 SQL Server Express 2005 installed ASP.NET pool running under "NETWORK SERVICE" account .NET 3.5 Everyone has full permission to datab...
I'm trying to run an executable (.exe) from LAN without allowing users access to the contents of the LAN folder itself. e.g. 1) User clicks on a link in their email to an executable at a folder path e.g. I:\Folder A\setup.exe 2) On clicking the link, the installer runs 3) If user tries to access the folder i.e. I:\Folder A\, they are ...
I am developing two projects which are both managed by ClearCase, which means that for Windows, it looks like they are located on a network share. The first project is a DLL written using VS 2003 in managed C++ and is intended to provide a managed interface for some legacy DLLs written in VS2003 C++. The second project is written in C#...
Hi, I'm looking for a way to prevent a user in SharePoint from deleting his MySite or be more precise from deleting the MySite's root web site. If I could archive this, I could place some lists the user will also not be allowed to delete. I first thought about taking the user the right to delete sites but I think this will prevent him...