Hello.
I don't think I understand you.
You said that I should not use password caching, then you said that I can run my
program using RunAs API, which I suppose requires the admin password.
This means that the user should call the admin to input the password every time
he needs to use/run the program.




--- "Burns, Christopher H. (Chris)" <[EMAIL PROTECTED]> wrote:

> There is an inherent problem with this structure too.
> 
> Most corporations (as a policy) require the user to change their
> passwords every so often.  Generally this is monthly, but can vary
> widely depending on the security level the corporation wishes to
> enforce.  Caching the password is also bad form because it provides
> another place the password can be harvested from (by hackers).  This
> process could also make your application unusable by a corporation that
> has information security departments.  I work at one that is like that.
> If they determine that there is password caching I think they would
> rather not use the application at all.  Unless it would close them down
> if they did not.
> 
> It is not that MS's idea is brilliant, but more 'realistic' in the way
> they have modeled security to the computer.  Even real life security is
> not perfect.
> 
> Again, I would suggest opening a new process under the "system" user (or
> security context) using the RunAs API.  (I believe the real name of the
> API is ShellExecuteEx).  Then use that application to write where you
> need to write.  Aaron Margosis' weblog
> (http://blogs.msdn.com/aaron_margosis/default.aspx) at Microsoft is a
> good reference for working in a LUA context.  Working in the LUA type
> environment is what you are really worried about here.
> 
> I would also echo the thought of allowing only a system administrator to
> install the application.  Many corporations now want installs to come
> from only IT.  This would allow them to keep their plan.  You could
> offer a non-admin install only on special request, and regulate the
> distribution of that application.  This is only a thought though.
> 
> Thanks,
> Chris Burns                      
> TIMKEN The Clinton Plant, SC
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Human
> Sent: Friday, April 21, 2006 5:13 AM
> To: Delphi-Talk Discussion List
> Subject: Re: Re[2]: Writing to registry under a limited account
> (Windows2000/XP)
> 
> Right.
> An application can't write to Program Files (to its own folder).
> I had this problem a long time ago... so goodbye INI files in this case.
> 
> I wonder now if Microsoft's idea was so brilliant!?
> It doesn't allow an honest application to store its settings but it
> allows a virus to do anything else.
> 
> I am thinking of a new solution: to write a small application (a loader)
> which will ask for the Admin password and will run the real application
> with Administrator rights (something like Run As).
> Of course the 'loader' will store the password for later use.
> 
> Good, I already spent too much for this protection system.
> 
> --- Jack <[EMAIL PROTECTED]> wrote:
> 
> > Hello Cosmin,
> > 
> > From my experience only the administrator can install software.
> > And it's not possible for an application running as non-administrator
> > to write to the install folder. But you can write to c:\Document and
> > Settings\[username]\
> > 
> > -- 
> > Best regards,
> > Jack
> > 
> > Thursday, April 20, 2006, 11:28:29 PM, you wrote:
> > 
> > > Require your application to be installed by an Administrator OR write to the
> > > application install directory, not the Windows directory.
> > 
> > >> -----Original Message-----
> > >> From: [EMAIL PROTECTED] [mailto:delphi-talk-
> > >> [EMAIL PROTECTED] On Behalf Of Human
> > >> Sent: Thursday, April 20, 2006 8:46 PM
> > >> To: Delphi-Talk Discussion List
> > >> Subject: Writing to registry under a limited account (Windows 2000/XP)
> > >> 
> > >> Does anybody know how to write data in C:\Windows and the registry while
> > >> the application runs under a limited account (non-Administrator)?
> > >> 
> > >> The protection I made for my program works perfectly but only if it runs
> > >> in an Administrator account.
> > >> Under a limited user it can read but it can't write (of course) in the
> > >> Windows folder, Program Files and the Windows Registry (except
> > >> H_Key_CurrentUser).
> > >> 
> > >> This is not a brilliant idea since the user can create a new account when
> > >> the program expires, deleting the old one.
> > >> Can a Delphi application write in protected places or run itself as
> > >> Administrator?
> > >> 
> > >> 
> > >> If I choose Christianity then the Islamic will say I'm a pagan.
> > >> If I choose Islamic then the Buddhism will say I'm a pagan.
> > >> If I chose Buddhism then the Jewish will say I'm pagan.
> > >> If I choose no God then everybody will say I'm pagan.
> > >> Please, can I be free? Can you NOT tell me how I should live MY life?
> > >> 
> > >> Delphi-Talk mailing list -> Delphi-Talk@elists.org
> > >> http://www.elists.org/mailman/listinfo/delphi-talk
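The approach suggested in the quoted reply (ShellExecuteEx with a run-as request instead of a stored password), as an added Delphi example that is not part of the original thread: the shell's "runas" verb makes Windows collect the credentials itself, so the calling program never sees or stores the administrator password. `SettingsWriter.exe` and its `/write-machine-settings` argument are hypothetical names.

```delphi
program RunHelperDemo;
{$APPTYPE CONSOLE}

uses
  Windows, ShellAPI, SysUtils;

// Start HelperExe through the shell's "runas" verb and wait for it to end.
// Windows shows its own credential prompt; this process never receives,
// handles or stores the password that is typed there.
function RunHelperAs(const HelperExe, Params: string;
  out ExitCode: DWORD): Boolean;
var
  Info: TShellExecuteInfo;
begin
  Result := False;
  ExitCode := 0;
  FillChar(Info, SizeOf(Info), 0);
  Info.cbSize := SizeOf(Info);
  Info.fMask := SEE_MASK_NOCLOSEPROCESS;   // return a process handle
  Info.lpVerb := 'runas';                  // request the run-as prompt
  Info.lpFile := PChar(HelperExe);
  Info.lpParameters := PChar(Params);
  Info.nShow := SW_SHOWNORMAL;
  // Fails when the prompt is cancelled or the helper cannot be started.
  if not ShellExecuteEx(@Info) then
    Exit;
  if Info.hProcess = 0 then
    Exit;
  try
    WaitForSingleObject(Info.hProcess, INFINITE);
    Result := GetExitCodeProcess(Info.hProcess, ExitCode);
  finally
    CloseHandle(Info.hProcess);
  end;
end;

var
  Code: DWORD;
begin
  // Hypothetical helper that performs only the privileged write and exits.
  if RunHelperAs(ExtractFilePath(ParamStr(0)) + 'SettingsWriter.exe',
    '/write-machine-settings', Code) then
    Writeln('Helper finished with exit code ', Code)
  else
    Writeln('Helper not started (prompt cancelled or launch failed)');
end.
```

Keeping the privileged work in a small separate helper means the main application keeps running under the limited account, and the prompt appears only when a machine-wide write is actually needed.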