User Level restriction------- which method is best xml or dll ??
-
Hi all! I have gotta small dilemma in proceeding with my project. I thought it would be better to ask the gurus to sort it out in their own fashion... Here it goes... I am developing a small consoleapplication, which is used to fetch data from a distance server. The details of "which" data to be fetched is given as a command line option. I have several such commands and everything was working fine. But now, for some reasons i want to restrict the usage of certain commands, i.e., much similar like a basic user and admin user level. Admin user can use all the command options whereas basic user can use only non-restricted commands. For this, I have created two attributes named "admin" and "basic" and applied to the corresponding commands. The attributes need to compared with the user level configuration. Now how do i make the application to differentiate the user rights?? option 1: Have a XML config file with a "user level" field and read the XML file in the runtime and allow access... option 2: have a shared dll file with a "user level" property and read the dll during runtime and allow access accordingly.... Note: The main requirement is that user rights can be upgraded and downgraded from "basic" to "admin" and vice versa just by modifying the configuration entries... Please suggest, which one to use and if any other better option too....
Have a Happy Coding.....
-
Hi all! I have gotta small dilemma in proceeding with my project. I thought it would be better to ask the gurus to sort it out in their own fashion... Here it goes... I am developing a small consoleapplication, which is used to fetch data from a distance server. The details of "which" data to be fetched is given as a command line option. I have several such commands and everything was working fine. But now, for some reasons i want to restrict the usage of certain commands, i.e., much similar like a basic user and admin user level. Admin user can use all the command options whereas basic user can use only non-restricted commands. For this, I have created two attributes named "admin" and "basic" and applied to the corresponding commands. The attributes need to compared with the user level configuration. Now how do i make the application to differentiate the user rights?? option 1: Have a XML config file with a "user level" field and read the XML file in the runtime and allow access... option 2: have a shared dll file with a "user level" property and read the dll during runtime and allow access accordingly.... Note: The main requirement is that user rights can be upgraded and downgraded from "basic" to "admin" and vice versa just by modifying the configuration entries... Please suggest, which one to use and if any other better option too....
Have a Happy Coding.....
The trouble with XML is that it's human readable and easy to change, if someone wants to give themselves admin rights.
Christian Graus Driven to the arms of OSX by Vista. "I am new to programming world. I have been learning c# for about past four weeks. I am quite acquainted with the fundamentals of c#. Now I have to work on a project which converts given flat files to XML using the XML serialization method" - SK64 ( but the forums have stuff like this posted every day )
-
The trouble with XML is that it's human readable and easy to change, if someone wants to give themselves admin rights.
Christian Graus Driven to the arms of OSX by Vista. "I am new to programming world. I have been learning c# for about past four weeks. I am quite acquainted with the fundamentals of c#. Now I have to work on a project which converts given flat files to XML using the XML serialization method" - SK64 ( but the forums have stuff like this posted every day )
yes obviously.... That is the reason why i keep on scratching my head.......
Have a Happy Coding.....
-
yes obviously.... That is the reason why i keep on scratching my head.......
Have a Happy Coding.....
You could use a mechanism where you sign the xml with a certificate (private key). Within your dll you can check the signature of the xml (public key), to check that the xml was modified by you. This will let you take the advantages of xml when a user upgrades (better than using a dll that you have to compile). Regards Sebastian
It's not a bug, it's a feature! Check out my CodeProject article Permission-by-aspect. Me in Softwareland.
-
You could use a mechanism where you sign the xml with a certificate (private key). Within your dll you can check the signature of the xml (public key), to check that the xml was modified by you. This will let you take the advantages of xml when a user upgrades (better than using a dll that you have to compile). Regards Sebastian
It's not a bug, it's a feature! Check out my CodeProject article Permission-by-aspect. Me in Softwareland.
Thank you sebastian! Oh!! That really thrown some light!!! Thanks again...
Have a Happy Coding.....