Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Preventing access to tables outside of VFP
Message
From
12/10/1998 22:19:47
Ed Rauh
Trumbull, Connecticut, United States
 
General information
Forum:
Visual FoxPro
Category:
Other
Title:
Re: Preventing access to tables outside of VFP
Miscellaneous
Thread ID:
00146063
Message ID:
00146083
Views:
25
>I have never tried it, but you could assign permissions to the DBF files based on the user login - or a group of users. I would suggest creating a new group - in which the users of your app are assigned. This way, when new user comes online, you only need to affect the group 1 time. Otherwise, you would have to assign permissions to each file. Don't forget to include other files like memos and indexes as well.

While this would help in keeping unauthorized users from accessing or modifying the files, AFAIK, there's no way to make a file usable by VFP as a table and prevent other applications that can also read the file from copying it, and if a user has write permissions to a file and change or full access permissions to the directory it's in, the file can be renamed or turned to toast - and these permissions are necessary to let the VFP app update the table, create temporary files in the local directory. NTFS doesn't provide object access enforcement based on what application is running, but based on the user that's logged in running the application.

On a realistic basis, you can restrict what applications a user can access using the System Policy Editor and Zero Administration Kit. This would allow the system administrator to limit the user's access to specific apps based on userid and password (I've used this to set up systems where certain users could only run a few applications, even though that userid had very wide-ranging file system access permissions). The problem here is that someone has to have ownership of files, and act as administrator, and if a user with Administrator privileges wants to do something and has open access to other, general purpose applications (not to mention Windows Explorer), you're pretty much cooked as far as security.

If the data resides somewhere other than a local file, and is not accessed directly by VFP (remote views, SPT, ADO, where physical access to the file is never given to the client) then the server that VFP talks to can be programmed to provide access control beyond what the NTFS file system imposes. You can't copy a file if you can't access it directly, much less erase or rename it.

>
>
>
>>Is there a way to prevent access to the users to the DBF files outside a VFP application, lets say to keep them from opening them thru VFP developement or erase, rename or copy them thru the Windows Explorer.
>>
>>All the files are in a Windows NT server, I suppose that there could be a hidden propery to the files or something like that.
>>
>>Any hints?
EMail: EdR@edrauh.com
"See, the sun is going down..."
"No, the horizon is moving up!"
- Firesign Theater

NT and Win2K FAQ .. cWashington WSH/ADSI/WMI site
MS WSH site ........... WSH FAQ Site
Wrox Press .............. Win32 Scripting Journal
eSolutions Services, LLC

The Surgeon General has determined that prolonged exposure to the Windows Script Host may be addictive to laboratory mice and codemonkeys
Previous
Reply
Map
View

Click here to load this message in the networking platform