mIRC Home    About    Download    Register    News    Help

Print Thread
Page 2 of 2 1 2
Joined: Jun 2003
Posts: 994
C
Hoopy frood
Offline
Hoopy frood
C
Joined: Jun 2003
Posts: 994
to Darwin_Koala also:
I do not allow users "free access to the C:\programs" folders .. they have free access to their own folder (C:\ctrlaltdel\ is one of them, the rest are also in the root directory, and also named for the individual user). As for updating, I install to the C:\mircversion folder (example: c:\mirc635) and simply copy/paste the new .exe file and help files (as necessary).
I fail to see how this is "bad practice" .. I have total control over the scripts in each folder (not all the same), which keeps them from loading scripts they don't need.
If they were in "one install" the scripts would be available for everyone which in MY opinion would be a security risk since I personally use scripts that the others have no business even seeing.

To each his own, I guess.


I refuse to engage in a battle of wits with an unarmed person. wink
Joined: Feb 2004
Posts: 206
D
Fjord artisan
Offline
Fjord artisan
D
Joined: Feb 2004
Posts: 206
Perhaps to each his own. But you still have some misconceptions in your thinking, or are perhaps following an outdated model for the storage of files or applications.

The application can be in one folder (read only to all except the admin - yourself?). Thus, your users cannot overwrite the application with a rogue app (accidently, unwittingly, deliberately, whatever).

The main (individual) ^.ini file (mirc.ini) and any associated script files can be in the user's own folder. When you do "one install", the script files do not have to be available for everyone. The location of script files is held in mirc.ini and customisable - this is the strength of the "-i" command line parameter.

You can still use common script files (only one version needed) which you control - if you wish. Users can create and load their own script files in addition.

I argue that a proper multi-user install and configuration will give you more control and will give your users both better customisation and security than the model you are currently using.

But, as you say - each to your own. I am merely trying to point out some of the better practices that are available, practices that are enabled by improvements in the operating system.


Cheers,

DK


Darwin_Koala

Junior Brat, In-no-cent(r)(tm) and original source of DK-itis!
Joined: Jul 2008
Posts: 236
S
Fjord artisan
Offline
Fjord artisan
S
Joined: Jul 2008
Posts: 236
Originally Posted By: CtrlAltDel
to Darwin_Koala also:
I do not allow users "free access to the C:\programs" folders ..
good
Originally Posted By: CtrlAltDel
they have free access to their own folder
why? An attacker gets an entire directory tree that they can write to, making possible compromisations slightly more difficult to find. Think about it: 7 installs, 4 or 5 directories each... 28-35 directories to search for files that may very well be hidden as .mp3 or even .dll files (not to mention the countless other directories that are within the users home dir). Heck they may even modify the .exe file so you can't load mIRC in Admin, or your entire system is bunked!
Originally Posted By: CtrlAltDel
(... As for updating, I install to the C:\mircversion folder (example: c:\mirc635) and simply copy/paste the new .exe file and help files (as necessary).
You are doing alot more work than I do. Simply install the new mIRC straight over the top.
Originally Posted By: CtrlAltDel
I fail to see how this is "bad practice" ..
The practice of installing separate copies for each user isn't a bad one, though it can be quite wasteful (particularly if you're talking about Microsoft Word). Failure to notice a serious compromise is a bad practice.
Originally Posted By: CtrlAltDel
... If they were in "one install" the scripts would be available for everyone which in MY opinion would be a security risk since I personally use scripts that the others have no business even seeing.
Not if you go through the trouble of setting up the user accounts in the control panel. If you have solely restricted account using mIRC, they shouldn't be able to modify the program files directory, so they'll save all of their data (.ini, scripts, downloads, etc) into their userdir. They won't be able to access each others scripts, or modify mIRCs core files (do not confuse with mIRCs settings files, which would be stored in the user's home dir somewhere).

Last edited by s00p; 20/11/09 10:52 PM.
Page 2 of 2 1 2

Link Copied to Clipboard