On Tuesday, October 04, 2011 9:33 AM, "Paul Hill" <[email protected]> wrote:
> > Or terminal services/remote desktop. Runs just like a local app. > > You don't need to provide the whole desktop to the user, you can just > serve your app. We have many sites using TS - it is the only way we support remote usage. The other thing that this approach brings is the ability to 'sandbox' your application and get around the inherent insecurity of DBF files. We have a customer who are very locked-down security-wise, and we had to pass an audit in this respect. They couldn't have a situation where even legit users could browse to the application data folder in Windows and mess around with the DBF files. So we set up a special user with the appropriate rights and removed those rights from the normal Windows logins, thus stopping them being able to see the DBF files. We then set up a remote desktop connection set to log in as the special user, and to run our app automatically. We saved this as a .RDP file and put it on each desktop. So when the user clicks on it it starts a TS session, logs in as the special user and runs the app. They don't get a desktop or anything and have no way to 'shell out'. Once they close the application the TS session terminates. So it's completely sandboxed. -- Alan Bourke alanpbourke (at) fastmail (dot) fm _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/[email protected] ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
