Don t Write User Files to Program Files

Previous page
Table of content
Next page

Don't Write User Files to \Program Files

I've already outlined this in Chapter 7, but it's worth repeating. Writing to the \Program Files directory requires the user to be an administrator because the access control entry (ACE) for a user is Read, Execute, and List Folder Contents. Requiring administrator privileges defeats the principle of least privilege. If you must store data for the user, store it in the user's profile: %USERPROFILE%\My Documents, where the user has full control. If you want to store data for all users on a computer, write the data to \Documents and Settings\All Users\Application Data\dir.

Writing to \Program Files is one of the two main reasons why so many applications ported from Windows 95 to Windows NT and later require that the user be an administrator. The other reason is writing to the HKEY_LOCAL_MACHINE portion of the system registry, and that's next.


Previous page
Table of content
Next page
Writing Secure Code
Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2001
Pages: 286
Authors: Michael Howard, David LeBlanc
BUY ON AMAZON
FileMaker Pro 8: The Missing Manual
Microsoft Windows Server 2003(c) TCP/IP Protocols and Services (c) Technical Reference
Cisco Voice Gateways and Gatekeepers
Mastering Delphi 7
Ruby Cookbook (Cookbooks (OReilly))
DNS & BIND Cookbook
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy