Application based authentication

TheMSsForum.com: The Microsoft Software Forum

Hi,

I'm sure I've read about this before somewhere, but may have dreamed it.

Is there a way to allow a user to run an app, but give read/write/modify
permissions to the app instead of the user. That way the user can access the
data but only via the app. I know I can effectively do this locking down
with group policy, but I have some very awkward accountants in at the
moment. They're all security expert<s> these days.

Thanks,
Neil
Top

Re: Application based authentication by Rolf

Rolf
Thu May 25 16:40:19 CDT 2006

> Is there a way to allow a user to run an app, but give read/write/modify
> permissions to the app instead of the user.

Permissions are given to users or computers, not to applications.
You can run the application in the name of another user with RUNAS.EXE

See http://www.tek-tips.com/faqs.cfm?fid=2760 for using RUNAS.EXE with
automatic pasting of password.
An possible alternative could be Runas Professial (
http://www.softaward.com/2346.html )




Top

RE: Application based authentication by Leemi

Leemi
Thu May 25 16:41:32 CDT 2006

Hi Neil:

Using a group policy would be the only way I would know how to do this. VFP
has not native method of performing this task.

If data security is a real priority for your data, then I would consider
using SQL Server backend for string data instead of VFP tables. There are
just too many programs that read DBF files.

I hope this helps.

This posting is provided "AS IS" with no warranties, and confers no rights.

Sincerely,
Microsoft FoxPro Technical Support
Lee Mitchell

*-- VFP9 HAS ARRIVED!! --*
Read about all the new features of VFP9 here:
http://msdn.microsoft.com/vfoxpro/

*--Purchase VFP 9.0 here:
http://www.microsoft.com/PRODUCTS/info/product.aspx?view=22&pcid=54787e64-52
69-4500-8bf2-3f06689f4ab3&type=ovr

Keep an eye on the product lifecycle for Visual FoxPro here:
http://support.microsoft.com/gp/lifeselectindex
- VFP5 Mainstream Support retired June 30th, 2003
- VFP6 Mainstream Support retired Sept. 30th, 2003
>Hi,

>I'm sure I've read about this before somewhere, but may have dreamed it.

>Is there a way to allow a user to run an app, but give read/write/modify
>permissions to the app instead of the user. That way the user can access
the
>data but only via the app. I know I can effectively do this locking down
>with group policy, but I have some very awkward accountants in at the
>moment. They're all security expert<s> these days.

>Thanks,
>Neil



Top

Re: Application based authentication by Neil

Neil
Fri May 26 08:44:51 CDT 2006

> Permissions are given to users or computers, not to applications.
> You can run the application in the name of another user with RUNAS.EXE
>
> See http://www.tek-tips.com/faqs.cfm?fid=2760 for using RUNAS.EXE with
> automatic pasting of password.
> An possible alternative could be Runas Professial (
> http://www.softaward.com/2346.html )
>

Thanks Rolf,
Looks worth a try.



Top

Re: Application based authentication by Steve

Steve
Fri May 26 19:19:46 CDT 2006

On Thu, 25 May 2006 21:22:36 +0100, "Neil Waterworth" <spammonkey at
microsocks.com> wrote:

>Hi,
>
>I'm sure I've read about this before somewhere, but may have dreamed it.
>
>Is there a way to allow a user to run an app, but give read/write/modify
>permissions to the app instead of the user. That way the user can access the
>data but only via the app. I know I can effectively do this locking down
>with group policy, but I have some very awkward accountants in at the
>moment. They're all security expert<s> these days.
>
>Thanks,
>Neil
>

Encrypt it. I had an app containing a dbf I didn't want ANYONE
(including administrator) to be able to read. After the authorized
user logged in, the data was unencrypted using a procedure in the app.
Any data the user wrote to the dbf got encrypted by the app.

Of course this is only as secure as the password and it doesn't
prevent someone with evil intent from trashing the dbf. Good backup
policies can minimize that risk.

HTH

Steve M.


Top

Re: Application based authentication by Mike

Mike
Thu Jun 01 02:34:54 CDT 2006

On Thu, 25 May 2006 21:22:36 +0100, "Neil Waterworth" <spammonkey at
microsocks.com> wrote:

>Hi,
>
>I'm sure I've read about this before somewhere, but may have dreamed it.
>
>Is there a way to allow a user to run an app, but give read/write/modify
>permissions to the app instead of the user. That way the user can access the
>data but only via the app. I know I can effectively do this locking down
>with group policy, but I have some very awkward accountants in at the
>moment. They're all security expert<s> these days.
>
>Thanks,
>Neil
>
I do something very like this with a SQL Server backend. IIRC the
connection that the VFP application uses has the account and password
in it.

There is another account which only has read permissions, cannot write
/ modify / delete. Certified users can use that account with any app
of their choice for querying the data.

In another environment using only VFP tables I encrypt (though the
reasons are slightly different and only sensitive data is encrypted).

If you are starting out on a new app now, I would definitely look at
SQL Server backend / freebie equivalent if you haven't got those
resources at this stage. All my customers IT departments hate the load
that VFP puts on their network. I hate the problems caused by their
networks !

Mike.
Top