Thread information:
Forum: WinDev Forum
Posts in thread: 6
First post: 3 years, 1 month ago
Last post: 3 years, 1 month ago
Participating authors: Fabrice Harari, GuenterP, Adri

A new article on Users' management and security is available

First post by Fabrice Harari on 05.05.2015 14:57

Hi everybody,

I wrote this article in the context of WXEDM, but it applies everywhere... So I thought I would give you a shout about it...

Here's the link: http://fabriceharari.com/UK/Page_Article.awp?ActiveMenuItem=86&Article=WXEDM_users_management_and_data_security

Best regards

Replies:

Thanks for sharing.

Best regards,
Adri

by Adri - on 06.05.2015 12:51
Hi Fabrice,

just my 2 cents:

- the User Groupware from PC SOFT is a starting point, it's well done, contains a non-open part, but you can apply changes to most of the code & analysis of this internal component. Even better, you can copy that component - after all of the changes are done - to other projects.

- in order to prevent surprising changes to the User Groupware, I recommend using a 'custom' install, which allows you to apply changes.

- you can stop the Groupware from forcing the name "Supervisor" whenever the GPU_User file is empty by changing the procedure GPU_Init. Just set ..
  - the name of the supervisor to, let's say, "Fabrice"
  - the password to, let's say, "?!*haha!"
  - the GPU_User.PasswordToEnter = False

This will automatically create the user "Fabrice" instead of "Supervisor" for a newly generated and therefore empty GPU_User file and will force the bad boys to find out your chosen user name and password. Since all texts in the Groupware files are Unicode AND encrypted ... no chance.

- always change the file encryption password from the usual and too well-known "PCSGPW2001" to anything which suits you better.

- please note: the help system of version 200057 contains very detailed documentation in regards to the User Groupware now!

- from 200057 on, the Groupware offers an option (a button in the GPU_Main window) to encrypt (at least?) the passwords of the GPU_User file.

There are additional points:
If a bad boy just copies the data files and steals the install-file then his life will be hard, because our product needs activation through a license file before starting on a different computer. Copying the license and configuration files which we put into \ProgramData\CompanyName\ProductName will not help, they are bound to the computer's name and something else which I'm not going to reveal here. So, a bad boy would have to have the license file plus a separate user / password info to enable a new installation of the license. Just deleting the GPU_*.DAT files (yes, I changed the FIC to DAT, because FIC is very near to a German 4-letter-word) on the original computer will not help because he'd need to know the supervisor's name and password.

The encryption password of the data files is not that important because: if the bad boy/girl (being an employee of our customer) can start the application the AAFs will offer a galore of possibilities to steal the data! Look at the customers in a Table Control and export the Table's content to an Excel file ... just kiss your data goodbye. Same goes with prices, stock and so on ... if you don't want this to happen then a) you have to kill many of the AAFs and b) use a software product which documents the use and eventually inhibits using USB memory sticks and external hard disks.

by GuenterP - on 16.05.2015 05:46
Hi Guenter

once again, we'll have to agree to disagree ;)

I know that you use the RAD and the user groupware for your applications and that you are happy with them...

I use neither because I have seen too many cases of developers getting stuck with them.

So my solution is completely OUTSIDE that scope and your answer is in fact a completely different way of doing things, one that I strongly think is wrong as soon as you need advanced functionality.

Best regards

by Fabrice Harari - on 16.05.2015 13:08
Hey Fabrice, you didn't even take the time to read my text, did you?

quote from your article:

If somebody deletes the user file, it is recreated empty and nobody can log in, as user creation is NOT possible (other files are NOT empty)

If somebody deletes ALL the files, they are all recreated empty, and we are in the initial install situation. Therefore, creating a user is possible. However, it will be created with a NEW and DIFFERENT DB GUID (assigned randomly)


Both clearly refer to a Groupware, any Groupware, because all Groupwares have to work in a similar way, right? I referred to the User Groupware of PC Soft and I think it's quite an excellent starting point for extending it to have your own Groupware and since it is an internal component, you can easily use your polished up User Groupware in any project you like, it's just a copy / paste operation away.

Yes, my way to do things is different to yours, because I have to take care of a whole business and we have to earn money, not to lose it. Wasting time by reinventing wheels = losing money. Using pre-fabricated things, revamping them and using the productivity of the resulting piece of software may not be the 'artist' approach to programming but it is the most efficient one, means: there is the money.

by GuenterP - on 16.05.2015 14:40
Hi Guenter,

No, all groupware do NOT have to work in similar ways... I am tackling a problem linked to replication, where each user has physical access to the DB, and therefore my user management has additional constraints...

As for your business remark, I am running one too, and losing time by being blocked by pcsoft limitations = losing money too....

Furthermore, I also have to make sure that all my customers who are also running whole businesses do not lose time and money... So I'm responsible not only for MY business, but also for the businesses of my customers... And when I have to intervene to solve problems in pcsoft user groupware, believe me, it's because they have already wasted TONS of money.

My assessment of this particular feature is that it's okay to use it as it is coming out of the box for simple cases. As soon as you have to modify it because YOUR way of doing things is slightly different, then it's a very slippery slope....

I just choose a way where I have much more control and can go much further more easily.

However, I am happy to hear that in your specific case, it is working out well for you...

Best regards

by Fabrice Harari - on 18.05.2015 08:52