开发者

Auditing desktop application user and securing access to a desktop application

Question is about providing auditing (who used the application, when) and securing (who can launch the applica开发者_如何学编程tion - no fine grain control or data security) a desktop application developed you.

What would you prefer?

  1. Have an authentication mechanism built into your application

    If using this option, we have to include user and password management, login screen, etc. within the application itself.

  2. Use underlying OS for auditing and authenticating

    Here the application needs to be configured after installation such that only users belonging to certain groups can execute the main program or edit the configuration file.


What would you prefer?

Well, I would prefer option 2.

Option 1 could be doable somehow at some level, but would likely be quite a mess. It has the inherent problem that permissions to any configuration and database files is still determined by the underlying OS. Note that legit users must have write permissions to some kind of database, because they must be able to change their own credentials at least. But unless you do the distinction at the OS level, your only option is to let the database to be writable by everybody, and so it could happen that users who have no right to do anything with the application still have write access to its files. Not good...


I personally use option 2 in combination with a SQL server. I authenticate users using their windows (if it is windows) login token. I usually don't make them re-enter a password just take their login token but that is an option to increase security. Obviously someone could leave their computer unattended and it stops someone jumping on there.

I choose not to use active directory to put users in groups for access to different programs however as it means I have to contact IT to get users added. I find it easier to maintain a table on SQL server granting login tokens access to the program. I would also use an sql server for logging any activity you want as it keeps it simple.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜