Security and VFP
Date: 22/09/2000 10:48:56
To: All
Forum: Visual FoxPro
Category: Windows API functions
Title: Security and VFP
Thread ID: 00419725
Message ID: 00419725
Views: 103

I’m trying to add some security to my VMP application. The security features of VMP are excellent and there’s nothing I would like to add. However, security only works when running the application. Anyone with access rights to the DATA\ directory can access the DBF files. I would like to avoid encryption and prefer to find a solution to limit the access to the DBFs using NT’s access rights. My strategy is as follows:

Assuming the following directory structure:

\MyApplication\data
\MyApplication\data\system
\MyApplication\forms
\MyApplication\classes
\MyApplication\etc…

All users have full access to \MyApplication and all sub-directories *except* for the \MyApplication\data\system directory. The only user that has access to this directory is a dummy NT user that is created solely to access this directory. The idea is that the VMP application programmatically connects to this directory during application startup, allowing the application to access the data in this directory. When the application is quit, the connection is canceled. This would limit the access to the VFP application. However, I’ve got two problems:

1. I cannot establish a connection under a different user. I’m using the Win32 API function WNetAddConnection2(). I wrote a wrapper function NetAddConnect(), listed below. I used the same function under NetWare and it worked. For example, NetAddConnect("\\MyServer\apps\", "K:", "UserId", "Password") let me successfully map a drive under a different user. However, under Windows NT 4.0 the function ignores the user and password setting and connects the drive using the current user. Any ideas what I’m missing?
2. Assuming the above will eventually work, I suspect that while using the VMP application, the connected drive is visible and accessible (e.g. in Explorer). Is there a way to hide the connection from the current user?

Any ideas, suggestions or alternatives are greatly appreciated.

Configuration:
Server: NT 4.0
Client: Win98
VFP: 6 SP3

Thanks
Daniel

Here’s the function that allows mapping a drive:

* Program...........: NetAddConnect
*) Description.......: Wrapper to the API function WNetAddConnection2().
*) : This program is using Christof Lange's struct class.
*) : Returns 0 if successful
* Calling Samples...: NetAddConnect("\\MyServer\apps\", "K:", "UserId", "Password")
* Parameter List....:
* Major change list.:
*--------------------------------------------------------------------------------------------------
LPARAMETER tcNetworkName, tcDriveLetter, tcUserName, tcPassword

*--------------------------------------------------------------------------------------------------
*-- Bit flag for fdwConnection in WNetAddConnection2()
*--------------------------------------------------------------------------------------------------
#DEFINE CONNECT_UPDATE_PROFILE 0x00000001

*--------------------------------------------------------------------------------------------------
*-- Error values returned by WNetAddConnection2()
*--------------------------------------------------------------------------------------------------
#DEFINE NO_ERROR 0
#DEFINE ERROR_ACCESS_DENIED 5
#DEFINE ERROR_ALREADY_ASSIGNED 85
#DEFINE ERROR_BAD_DEV_TYPE 66
#DEFINE ERROR_BAD_DEVICE 1200
#DEFINE ERROR_BAD_NET_NAME 67
#DEFINE ERROR_BAD_PROFILE 1206
#DEFINE ERROR_BAD_PROVIDER 1204
#DEFINE ERROR_BUSY 170
#DEFINE ERROR_CANCELLED 1223
#DEFINE ERROR_CANNOT_OPEN_PROFILE 1205
#DEFINE ERROR_DEVICE_ALREADY_REMEMBERED 1202
#DEFINE ERROR_EXTENDED_ERROR 1208
#DEFINE ERROR_INVALID_PASSWORD 86
#DEFINE ERROR_NO_NET_OR_BAD_PATH 1203
#DEFINE ERROR_NO_NETWORK 1222

*--------------------------------------------------------------------------------------------------
*-- NETRESOURCE structure: scope of enumeration (dwScope)
*--------------------------------------------------------------------------------------------------
#DEFINE RESOURCE_CONNECTED 0x00000001
#DEFINE RESOURCE_GLOBALNET 0x00000002
#DEFINE RESOURCE_REMEMBERED 0x00000003

*--------------------------------------------------------------------------------------------------
*-- NETRESOURCE structure: bitmask of resource type (dwType)
*--------------------------------------------------------------------------------------------------
#DEFINE RESOURCETYPE_ANY 0x00000000
#DEFINE RESOURCETYPE_DISK 0x00000001
#DEFINE RESOURCETYPE_PRINT 0x00000002

*--------------------------------------------------------------------------------------------------
*-- NETRESOURCE structure: display type (dwDisplayType)
*--------------------------------------------------------------------------------------------------
#DEFINE RESOURCEDISPLAYTYPE_GENERIC 0x00000000
#DEFINE RESOURCEDISPLAYTYPE_DOMAIN 0x00000001
#DEFINE RESOURCEDISPLAYTYPE_SERVER 0x00000002
#DEFINE RESOURCEDISPLAYTYPE_SHARE 0x00000003

*--------------------------------------------------------------------------------------------------
*-- NETRESOURCE structure: bitmask of resource usage (dwUsage)
*--------------------------------------------------------------------------------------------------
#DEFINE RESOURCEUSAGE_CONNECTABLE 0x00000001
#DEFINE RESOURCEUSAGE_CONTAINER 0x00000002

*-- check parameters
ASSERT TYPE("tcNetworkName") = "C" AND NOT EMPTY(tcNetworkName)
ASSERT TYPE("tcDriveLetter") = "C" AND NOT EMPTY(tcDriveLetter)

tcDriveLetter = LEFT(UPPER(tcDriveLetter),1)

*-- make sure drive letter is between G and Z
IF NOT BETWEEN(ASC(tcDriveLetter), 71, 90)
    WAIT WINDOW NOWAIT "Drive letter must be between G and Z!"
    RETURN -1
ELSE
    *-- add colon to drive letter
    tcDriveLetter = tcDriveLetter + ":"
ENDIF

*-- optional parameters
tcUserName = IIF(TYPE("tcUserName") = "C", tcUserName, "")
tcPassword = IIF(TYPE("tcPassword") = "C", tcPassword, "")

*-- declare API function
Declare Integer WNetAddConnection2 in Win32API ;
    String lpNetResource, ;
    String lpPassword, ;
    String lpUsername, ;
    Integer fdwConnection

*-- create structure
LOCAL loNetResource
SET CLASSLIB TO Struct ADDITIVE

loNetResource = CreateObject("NETRESOURCE")

With loNetResource
    .dwScope = RESOURCE_GLOBALNET
    .dwType = RESOURCETYPE_DISK      && required by WNetAddConnection2
    .dwDisplayType = 0
    .dwUsage = RESOURCEUSAGE_CONNECTABLE
    .lpLocalName = tcDriveLetter     && required by WNetAddConnection2
    .lpRemoteName = tcNetworkName    && required by WNetAddConnection2
    .lpComment = .NULL.
    .lpProvider = .NULL.             && required by WNetAddConnection2
EndWith

lpNetResource = loNetResource.GetString()
lpPassword = tcPassword
lpUsername = tcUsername
fdwConnection = CONNECT_UPDATE_PROFILE

*-- call API function
lnRetVal = WNetAddConnection2(lpNetResource, ;
    lpPassword, ;
    lpUsername, ;
    fdwConnection)

RELEASE CLASSLIB Struct

RETURN lnRetVal
*-- EOF Function NetAddConnect --------------------------------------------------------------------

DEFINE CLASS NETRESOURCE AS struct
    dwScope = 0
    dwType = 0               && required by WNetAddConnection2
    dwDisplayType = 0
    dwUsage = 0
    lpLocalName = .NULL.     && required by WNetAddConnection2
    lpRemoteName = .NULL.    && required by WNetAddConnection2
    lpComment = .NULL.
    lpProvider = .NULL.      && required by WNetAddConnection2

    cMembers = "l:dwScope, l:dwType, l:dwDisplayType, l:dwUsage, "+;
        "pz:lpLocalName, pz:lpRemoteName, pz:lpComment, pz:lpProvider"
ENDDEFINE
Daniel
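
Added example, not part of the original post: a variant of the wrapper above for the startup/shutdown scheme the post describes. WNetAddConnection2() makes a connection without redirecting a local device when lpLocalName is NULL, and a flags value of 0 keeps the connection out of the user's profile. It assumes the NETRESOURCE class and Struct class library from the post are in scope and that the struct class passes .NULL. as a null pointer; the function names NetConnectNoDrive and NetDisconnect are hypothetical.

```foxpro
*-- Added example (not from the original post).
*-- Startup:  IF NetConnectNoDrive("\\MyServer\apps", "UserId", "Password") = NO_ERROR
*--               ...open the tables through the UNC path...
*-- Shutdown: NetDisconnect("\\MyServer\apps")
#DEFINE NO_ERROR 0
#DEFINE RESOURCETYPE_DISK 0x00000001

FUNCTION NetConnectNoDrive
LPARAMETERS tcNetworkName, tcUserName, tcPassword
LOCAL loNetResource, lcNetResource, lnRetVal

DECLARE INTEGER WNetAddConnection2 IN Win32API ;
    STRING lpNetResource, STRING lpPassword, ;
    STRING lpUsername, INTEGER fdwConnection

SET CLASSLIB TO Struct ADDITIVE
loNetResource = CREATEOBJECT("NETRESOURCE")   && class defined in the post
WITH loNetResource
    .dwType       = RESOURCETYPE_DISK
    .lpLocalName  = .NULL.          && no local device: no drive letter is assigned
    .lpRemoteName = tcNetworkName   && UNC name of the share
    .lpProvider   = .NULL.
ENDWITH
lcNetResource = loNetResource.GetString()

*-- flags = 0 instead of CONNECT_UPDATE_PROFILE: the connection is not
*-- remembered and is not restored at the user's next logon
lnRetVal = WNetAddConnection2(lcNetResource, tcPassword, tcUserName, 0)

loNetResource = .NULL.
RELEASE CLASSLIB Struct
RETURN lnRetVal
ENDFUNC

FUNCTION NetDisconnect
LPARAMETERS tcNetworkName
DECLARE INTEGER WNetCancelConnection2 IN Win32API ;
    STRING lpName, INTEGER dwFlags, INTEGER fForce
*-- dwFlags = 0: profile untouched; fForce = 1: disconnect even with open files
RETURN WNetCancelConnection2(tcNetworkName, 0, 1)
ENDFUNC
```

The connection belongs to the user's logon session rather than to the VFP process, so while it is open other programs run by the same user can reach the UNC path with the dummy account's rights. The dummy account's password also has to be stored somewhere the application can read it.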