permissions

What is the best way to handle multiple permission types?

I often encounter the following scenario where I need to offer many different types of permissions. I primarily use ASP.NET / VB.NET with SQL Server 2000. Scenario: I want to offer a dynamic permission system that can work on different parameters. Let's say that I want to give either a department or just a specific person access to an a...

Where should I put my log file for an asp.net application?

I have an asp.net application that we've written our own logging module for. My question is, where is the standard place to write a log file to? I.e. the website will be running as the anonymous user identity (e.g. IUSR on IIS7) and I need a place where I know it'll have permission to write to. Cheers,...

In Visual Studio you must be a member of Debug Users or Administrators to start debugging. What if you are but it doesn't work?

On my Windows XP machine, Visual Studio 2003, 2005 and 2008 all complain that I cannot start debugging my web application because I must either be a member of the Debug Users group or of the Administrators group. So, I am an Administrator and I added Debug Users just in case, and it still complains. Short of reformatting my machine and st...

Access Control Lists & Access Control Objects, good tutorial?

Hi, we're developing a web app to cover all aspects of a printing company from finances, to payroll, to job costing. It's important to be able to control who can access what parts of these applications. Don't want a line employee giving himself a raise, etc... I've heard of the concept of ACL & ACO, but haven't found a good example tha...

Implementing permissions in PHP

I've tried to do this several times with no luck. After reading this post, it made me interested in doing this again. So can anyone tell me why the following doesn't work? <?php $guest = 1; $editor = 2; $admin = 4; $user = $editor; if( $user == ($editor | $admin) ) { echo "Test"; } ?> ...

How do I detect if a function is available during JNLP execution?

I have an application which really should be installed, but does work fine when deployed using JNLP. However, it would seem that some Java functions such as Runtime.exec don't work using the default security options. I would like to therefore disable UI functionality that relies upon such functions. So my question is, how do I detect a...

php scripts writing to non-world-writable files

How can you allow a php script to write to a file with high security restrictions, such as only allowing a single user to write to it? The difficulty seems to be that a php script is running as a low-permissions user (maybe apache, or www, or nobody?), and even if I chown apache the_writable_file, the directory it's in might not be writ...

What's the best way to implement a SQL script that will grant select, references, insert, update, and delete permissions to a database role on all the user tables in a database?

Ideally, this script could be run multiple times, as new tables were added to the database. SQL Server Management Studio generates scripts for individual database objects, but I'm looking for more of a "fire-and-forget" script. ...

LINQ and Database Permissions

I'm still trying to get my head around LINQ and accessing a SQL Database. I was always taught that you should only have execute permissions of stored procedures to your data. You should never have select / insert / update / delete. (This is because of performance and security) To get the data out of LINQ you obviously need select per...

CakePHP ACL Database Setup: ARO / ACO structure?

I'm struggling to implement ACL in CakePHP. After reading the documentation in the cake manual as well as several other tutorials, blog posts etc, I found Aran Johnson's excellent tutorial which has helped fill in many of the gaps. His examples seem to conflict with others I've seen though in a few places - specifically in the ARO tree...

SharePoint Permissions

I would like to create a folder that users who do not have privileges to view the rest of the site can see. This user group would be granted access to the site, but I only want them to be able to view one particular page. Is this possible to do without going to every single page and removing the new user group's access? ...

Multiple permission types (roles) stored in database as single decimal

I was going to ask a question here about whether or not my design for some users/roles database tables was acceptable, but after some research I came across this question: What is the best way to handle multiple permission types? It sounds like an innovative approach, so instead of a many-to-many relationship users_to_roles table, I ha...

SQLite/PHP read-only?

I've been trying to use SQLite with the PDO wrapper in PHP with mixed success. I can read from the database fine, but none of my updates are being committed to the database when I view the page in the browser. Curiously, running the script from my shell does update the database. I suspected file permissions as the culprit, but even with ...

Can an iPhone App Be Run as Root?

I am thinking about the design of an iPhone app I'd like to create. One possible problem is that this application will have to run as root (to access certain network ports). In a typical UNIX app, I'd just get the app to run with setuid, but I'm wondering if that is possible with an iPhone app. I've read this question in Apple's forum...

What databases do I have permissions on

How can I find what databases I have a minimum of read access to in either basic SQL, MySQL specific or in PHP? ...

Why is access denied when installing SSL cert on IIS 5?

I'm working with a support person who is supposed to be able to install SSL certs on a web server he maintains. He has local admin rights to the server via a domain security group. He also has permissions on our internal CA running Windows 2003 Server Certificate Authority: "Request cert" and "Issue and Manage certs". The server he's ...

Hierarchical Group Permissions Theory/Resources?

Does anyone know of some good resources related to setting up hierarchical user account systems? I'm currently setting one up and am struggling with some of the more complex logic (especially with determining permissions). I was hoping I might be able to find some resources to help me along. Some Background: I'm building a user account ...

What is the best way to create a security architecture?

I'm designing a portal's security architecture. The site has pages, videos, pictures, users, databases, file system objects, etc. What is the best way to control access to all of these objects? How would you store permissions? Is a 64-bit database variable enough for storing permissions? E.g. Windows employs ACLs and SIDs. Do you have ...

sudo echo "something" >> /etc/privilegedFile doesn't work... is there an alternative?

This is a pretty simple question, at least it seems like it should be, about sudo permissions in Linux. There are a lot of times when I just want to append something to /etc/hosts or a similar file but end up not being able to because both > and >> are not allowed, even with root. Is there some way to make this work without having to su...

SharePoint Item Level Access & performance

I have created a workflow activity that gives the item creator of a specific list full control on the item and sets everyone else to read-only access (permission). Someone told me that doing it this way (if I have a lot of users) the performance will go down dramatically. Is that correct?! If yes, what is the best solution to create...