acl

Access Control Lists & Access Control Objects, good tutorial?

Hi, we're developing a web app to cover all aspects of a printing company from finances, to payroll, to job costing. Its important to be able to control who can access what parts of these applications. Don't want a line employee giving himself a raise, etc... I've heard of the concept of ACL & ACO, but haven't found a good example tha...

CakePHP ACL Database Setup: ARO / ACO structure?

I'm struggling to implement ACL in CakePHP. After reading the documentation in the cake manual as well as several other tutorials, blog posts etc, I found Aran Johnson's excellent tutorial which has helped fill in many of the gaps. His examples seem to conflict with others I've seen though in a few places - specifically in the ARO tree...

Where to Store writable data to be shared by all users in a vista installer ?

My app is installed via NSIS. I want the installer to install the program for all users. I can do this, by installing to the 'program files' directory. There is a database file (firebird), that all user accounts on the system should share. If I store this database file in the 'program files' directory it will be read only. If I st...

What's the best way to implement ACLs to a Rails application?

I just wanted to compare different solutions used when implementing ACLs in Rails. ...

SNMP SET with ACL and Set Community Name

Hi All, I need to perform a SNMP Set operation in a printer in the network which as an Access Control List configured (ACL) and my host's IP Address is not in the ACL table. I'm getting a strange behavior: When I have a SNMPv1 Set community name configured, I am ONLY able to perform a SNMP Set if my host ip is in the ACL table. If there...

File security attributes getting screwed up on file copy

I've a windows service that updates our product. It copies the product files into a temp directory, usually "C:\Windows\Temp", patches the binaries, and then uses MoveFileEx to copy the files back to the install directory on a reboot, usually "C:\Program Files\Product". The files in the install directory are inheriting their security att...

Copying file security permisions

I'm copying a file from folder A to folder B and then trying to copy the file permisions. Here are the basic steps I'm using: CopyFile(source, target) GetNamedSecurityInfo(source, GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION) Print source SD using ConvertSecurityDescriptorToStringSecurityDescriptor SetNamedSecurityInfo(target...

Does it make sense to set up a trusted relationship between Active Directory instances at partner companies?

Hi, If a company often requires users to be created in a partner's active directory, and vice versa, does it make sense to set up a federated / trusted relationship between the AD instances? If so, what should be considered? Does the ACL for users in the partner AD still work the same way? What security risks does this expose? Thanks! ...

Why is SetNamedSecurityInfoW leaving out ACEs?

I've got some code that basically does: GetNamedSecurityInfoW (<some file>,dacl only) build a new ACL with the info from #1 and an additional ACE to allow local Administrators full control SetNamedSecurityInfoW (<the same file>,the new dacl) The dacl from #1 contains 4 ACEs: grant: mask(0x001F01FF), flags(0x00000010): S-1-5-18 (NT A...

What technology to get NTFS access rights in C ?

Hello everybody, I am thinking hard about how to play with access rights on several platforms. Now I am reaching Microsoft Windows and permissions on NTFS files/directories. I must say that I am working in C language. My question is pretty general. I have a username and a file path. Do I need more information to check if the user has ...

Rails User Access Plugins

There are a lot of rails plugins out there that handle user permissions. I'm impressed with the implementation in the hobo gem, but I'm not sure if I can use just this feature and not the other parts. GateKeeper is a really clever implementation, but has some bugs, though it's small enough I could probably fix it myself. Restful_ACL g...

Authentication for a browser-based application dependent on the client machine

How do you make the authentication for a browser-based application dependent on the client machine? Say the admin can login only from this machine. Assumptions: There is complete control over the network and all machines (client and server) involved. I am looking for an apache/linux solution. ...

Recommend a PHP ACL class?

In reference to my other question, I'm looking for a good php-based ACL class that I can integrate into ExpressionEngine to get better support for member access control. So far I'm looking at the Zend Framework ACL class. Is anyone using anything else they recommend? Thanks! ...

User authentication

If I am to follow What should a developer know before building a public web site? on authentication, then what options do I have ? I have never used PEAR, and I'm not about to start. I have read about phpGALC but have yet to try it. After the authentication do rights/access level kick in. I'm not a big fan of using a single tinyint val...

ACL for a network device

Hi, I need to implement ACL based authentication mechanism for a device. This device can be accessed through various interfaces like web pages, TL1 (basically through some command prompt) etc. I need to keep ACL logic centralized so that request from any interface can be authenticated. ACL logic would basically check whether the logg...

Why can I not set this ACL rule in C#?

Running as an elevated admin on Vista SP1, my C# app tries to set the following rule with the following code. No error is produced, but neither is any change on the directory's ACL. What am I missing? public static void Main( string args[] ) { string dirPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonAp...

File Vs Database

I'm going to implement an Access Control List for each individual user so they can assign access to their own resources so they can hide stuff, for example, from their mothers, but show their friends. Now storing ACL in a database seems like it can get pretty insane when each user is also a group, which can have many sub groups. So I'm ...

Help with Zend ACL

hello, I am currently working on a site that requires use of ACL and seen as I am using Zend it makes sense for my make use of there ACL class but I have little to zero idea of how to do this, I have read the docs but this has confused me further...basically all I want do is set up two user groups e.g. normal and admin, normal users ca...

How should I be implementing my ACL in a web application?

I've been thinking about the web app I'm about to begin developing and wondering whether my usual approach could be improved. In my last few apps I've created a table (see below) of roles (such as CREATE POST, EDIT POST etc.) which each have a bitfield applied to them so I can simply assign a user certain rights in registration and chec...

Changing Parent for a Resource - Zend ACL - 1.7.3

Hello, We have a the following structure for our application require_once "Zend/Loader.php"; Zend_Loader::registerAutoload(); $acl = new Zend_Acl(); // application $acl->add(new Zend_Acl_Resource('application1')); // groups $acl->add(new Zend_Acl_Resource('group1'), 'application1'); $acl->add(new Zend_Acl_Resource('group2'), 'applicat...