Need an idea...

[Insolence 2]

I made a program to control a few computers in a classroom, it reads a simple ini file.

My problem is anyone on the network could edit the ini file, how do I get it protected? Could I possibly use dllcall's and a secure mySQL database somewhere?

[Blue_Drache 260]

http://www.autoitscript.com/forum/index.php?showtopic=8084

[Insolence 2]

Well, excellent idea, but that doesn't stop them from just deleting the file.

[Blue_Drache 260]

Well, excellent idea, but that doesn't stop them from just deleting the file.

<{POST_SNAPBACK}>

Set the default share on the file/folder to read-only access and give yourself full access.

[Insolence 2]

It's at my school and I'm not an admin. Any other solution?

[Blue_Drache 260]

It's at my school and I'm not an admin.  Any other solution?

<{POST_SNAPBACK}>

Other than filling out the paperwork and getting a project folder on the network drive that is set up as described earler....not that I know of. Setting the file attribs to +RH may help, but that will really only slow someone down and annoy them.

[MSLx Fanboy 0]

you can set the File Attributes through AU3, or you can pass a command through a dos terminal, using the cacls command, and restrict it to a specific Windows account

[zcoacoaz 0]

you could always encrypt it

[Insolence 2]

Xenogis, come on, read what I said. Someone could just delete it.

MSL, will this get me in trouble with the school or anything?

Can I set it to read from any account, and write from only my/the teachers account?

[Blue_Drache 260]

Xenogis, come on, read what I said.  Someone could just delete it.

MSL, will this get me in trouble with the school or anything?

Can I set it to read from any account, and write from only my/the teachers account?

<{POST_SNAPBACK}>

Microsoft Windows XP [Version 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

02/08/2005 16:53:19.12

C:\>cacls /?

Displays or modifies access control lists (ACLs) of files

CACLS filename [/T] [/E] [/C] [/G user:perm] [/R user [...]]

              [/P user:perm [...]] [/D user [...]]

  filename      Displays ACLs.

  /T            Changes ACLs of specified files in

                the current directory and all subdirectories.

  /E            Edit ACL instead of replacing it.

  /C            Continue on access denied errors.

  /G user:perm  Grant specified user access rights.

                Perm can be: R  Read

                              W  Write

                              C  Change (write)

                              F  Full control

  /R user      Revoke specified user's access rights (only valid with /E).

  /P user:perm  Replace specified user's access rights.

                Perm can be: N  None

                              R  Read

                              W  Write

                              C  Change (write)

                              F  Full control

  /D user      Deny specified user access.

Wildcards can be used to specify more that one file in a command.

You can specify more than one user in a command.

Abbreviations:

  CI - Container Inherit.

        The ACE will be inherited by directories.

  OI - Object Inherit.

        The ACE will be inherited by files.

  IO - Inherit Only.

        The ACE does not apply to the current file/directory.

02/08/2005 16:53:33.98

C:\>

C:\cacls filename.txt /P *:R

*SHOULD* set everyone to read only, then you just add a

Edit: Doesn't work.

C:\cacls filename /G youraccount:F

to grant yourself full control.

Ok, you may have to loop the permission denial after dumping the ouput of "cacls filename.txt > temp.txt"

Edited February 8, 2005 by Blue_Drache

[Insolence 2]

Thank you VERY much!

[Coffee 0]

how about read ini file

if file, key, or value is corrupted, fileinstall inifile

or grab inifile from comp B, modify for comp A

installl to comp A, cycle through all pc's and if not found fileinstall and repeat.

or put a backup in another directory and if dir1 ini file does not exist, run backup inifile and place a copy in dir 1 or some other trick?

Edited February 8, 2005 by Coffee

[Insolence 2]

That doesn't work either. Someone can just edit the ini directly. I can't encrpt it because eventually they could just catch on.

I think I'll use the DOS stuff that was mentioned with some encryption algoritym I come up with.

Maybe current action & time would be the R4 key... something like that

[Wolvereness 0]

Having this in the startup of any computer that can access the file will work:

2 programs, each program makes sure the other is not closed and is not delted from the startup registry.

Have 4 .txt files that have same content. Each program will open their files using FileOpen(). This makes the files unable to be deleted. If one of the files becomes corrupt then it is replaced.

Lastly, you can have an admin program that is passworded internally that can tell the others to disable themselves.

/note: There is most likely something easier but this one you don't have to use external program.

Edited February 9, 2005 by Wolvereness

[Insolence 2]

Yes, the easier method is just setting permissions.

You could just write a script to close both .exe's anyway and it'd throw the whole thing off... can't really get passed that.

[MSLx Fanboy 0]

What you can do is pull the md5 of the original file, and then have it check the ini file each time it runs. There's a dll file that does md5's, just search md5.dll in the forums...

[Insolence 2]

I don't have to do that, and that still doesn't solve any problems.

FileSize does that well enough.

[MSLx Fanboy 0]

File size isn't accurate. Pulling an md5 sum will change with a single character switched.