Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Changing Special Permissions programmatically???
2 views
Skip to first unread message
Peter Olcott
Nov 5, 2009, 10:44:53 PM11/5/09
to
http://support.microsoft.com/kb/308419
I need to set the Traverse Folder/Execute File permission,
without also setting the Read permission. How can I do this
from software?
In other words I want "Execute Only" access to a file, I
specifically want to prohibit Read permission.
I need to set the Traverse Folder/Execute File permission,
without also setting the Read permission. How can I do this
from software?
In other words I want "Execute Only" access to a file, I
specifically want to prohibit Read permission.
Joseph M. Newcomer
Nov 5, 2009, 11:52:23 PM11/5/09
to
All permissions are changed "programmatically" in that the dialogs you pop up under
"properties" just cause the issuance of security-related APIs. You would need to
familiarize yourself with the security APIs, security tokens, and all that stuff. I've
never done it, because it is rather incoherently documented and some of the documentation
lies. Most of it is confusing. I have a book on Windows Security which goes into
exquisite detail on all of this stuff, and you need to read most of it before you can
understand any of it. So I gave up and leave security to others.
"properties" just cause the issuance of security-related APIs. You would need to
familiarize yourself with the security APIs, security tokens, and all that stuff. I've
never done it, because it is rather incoherently documented and some of the documentation
lies. Most of it is confusing. I have a book on Windows Security which goes into
exquisite detail on all of this stuff, and you need to read most of it before you can
understand any of it. So I gave up and leave security to others.
That said, it is not clear there is any "execute only" option available for files. And
once loaded, there is definitely no "execute only" option on the code pages; they can
always be read. The x86 hardware simply does not support a page which can only be
executed but not read.
If the goal is to protect code, the answer is that I don't think there is any such
mechanism in Windows.
joe
Joseph M. Newcomer [MVP]
email: newc...@flounder.com
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
Peter Olcott
Nov 6, 2009, 7:42:33 AM11/6/09
to
I am going to provide the code as a webservice, and merely
want to make sure that the executable can not be read by any
users of this webservice.
want to make sure that the executable can not be read by any
users of this webservice.
"Joseph M. Newcomer" <newc...@flounder.com> wrote in
message news:cha7f5td02qmn07rt...@4ax.com...
Joseph M. Newcomer
Nov 6, 2009, 8:41:18 AM11/6/09
to
I do not believe that is possible using permissions. Note also that if the service
executes on the client side, you must have read permission at the Web site; if it executes
on the server, the only way an end user can gain access is via some mechanism that should
be prohibited by how the server is configured (e.g., no FTP account can read the directory
in which the file exists; no way for the user to log in an account in which they can
execute arbitrary commands, etc.)
joe
executes on the client side, you must have read permission at the Web site; if it executes
on the server, the only way an end user can gain access is via some mechanism that should
be prohibited by how the server is configured (e.g., no FTP account can read the directory
in which the file exists; no way for the user to log in an account in which they can
execute arbitrary commands, etc.)
joe
0 new messages