Question is about providing auditing (who used the application, when) and securing (who can launch the application - no fine grain control or data security) a desktop application developed by you.

What would you prefer?

  1. Have an authentication mechanism built into your application

    If using this option, we have to include user and password management, login screen, etc. within the application itself.

  2. Use underlying OS for auditing and authenticating

    Here the application needs to be configured after installation such that only users belonging to certain groups can execute the main program or edit the configuration file.
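Option 2, as an added example (not code from the question or either answer): a Unix launcher-side check, in Python, that asks the OS which groups the invoking account belongs to and refuses to start unless one of them is the application's group, and that also refuses when the configuration or database file is world-writable or world-readable (the situation Joonas warns about below). The group name `appusers` and the path `/etc/myapp/app.conf` are hypothetical; the installer is assumed to have created that group and to have set the file modes.

```python
import grp
import os
import pwd
import stat

# Assumption for this example: the installer creates one Unix group for people
# allowed to run the program and restricts the config tree to that group.
APP_GROUP = "appusers"          # hypothetical group created at install time


def current_user() -> str:
    """Name of the OS account running this process (Unix only)."""
    return pwd.getpwuid(os.getuid()).pw_name


def _group_name(gid: int) -> str:
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:            # gid without an /etc/group entry (common in containers)
        return str(gid)


def primary_group() -> str:
    """Name of the primary group of the current process."""
    return _group_name(os.getgid())


def user_groups(username: str) -> set:
    """All groups the account belongs to, by name, resolved by the OS."""
    pw = pwd.getpwnam(username)
    return {_group_name(g) for g in os.getgrouplist(username, pw.pw_gid)}


def user_may_launch(username: str, allowed_groups: set) -> bool:
    """True when the account is in at least one of the allowed groups."""
    return bool(user_groups(username) & allowed_groups)


def file_mode_problems(path: str) -> list:
    """Reasons a config/database file is too permissive for 'others'.

    An empty list means the file is neither world-writable nor world-readable,
    so the OS (not the application) is what limits access to it.
    """
    mode = os.stat(path).st_mode
    problems = []
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    if mode & stat.S_IROTH:
        problems.append("world-readable")
    return problems


def startup_check(username: str, config_path: str) -> tuple:
    """Decide whether launching may continue; returns (ok, reason)."""
    if not user_may_launch(username, {APP_GROUP}):
        return False, f"{username} is not in group {APP_GROUP}"
    problems = file_mode_problems(config_path)
    if problems:
        return False, f"{config_path} is {', '.join(problems)}"
    return True, "ok"


if __name__ == "__main__":
    # Hypothetical install path; on a real system the installer sets it.
    ok, why = startup_check(current_user(), "/etc/myapp/app.conf")
    print("launch" if ok else f"refuse: {why}")
```

The group and mode checks here are only a readable early failure; the actual enforcement is the execute bit and group ownership that the installer sets on the program and its files, which the OS applies whether or not this code runs.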

+2  A: 

What would you prefer?

Well, I would prefer option 2.

Option 1 could be doable somehow at some level, but would likely be quite a mess. It has the inherent problem that permissions to any configuration and database files are still determined by the underlying OS. Note that legit users must have write permissions to some kind of database, because they must be able to change their own credentials at least. But unless you do the distinction at the OS level, your only option is to let the database be writable by everybody, and so it could happen that users who have no right to do anything with the application still have write access to its files. Not good...

Joonas Pulakka
+1  A: 

I personally use option 2 in combination with a SQL server. I authenticate users using their Windows (if it is Windows) login token. I usually don't make them re-enter a password, just take their login token, but that is an option to increase security. Obviously someone could leave their computer unattended and it stops someone jumping on there.

I choose not to use Active Directory to put users in groups for access to different programs, however, as it means I have to contact IT to get users added. I find it easier to maintain a table on SQL server granting login tokens access to the program. I would also use a SQL server for logging any activity you want as it keeps it simple.

PeteT