DACL. Is it necessary to know?
-
Being a VC++ Windows application programmer, is it necessary to have knowledge about DACL?
Typically, no. The right behaviour is normally to simply pass NULL for an lpSecurityAttributes parameter, in which case Windows will apply a default ACL to the object. If you do want to know about ACLs and security, I suggest Programming Windows Security by Keith Brown.
Stability. What an interesting concept. -- Chris Maunder
-
Thx for your quick reply. BTW, when will I have to use and learn to use DACL? Any simple situation where I cannot survive with a knowledge of DACL?
sanomni wrote: BTW, when will I have to use and learn to use DACL? Any simple situation where I cannot survive with a knowledge of DACL?
It depends on what type of software you are developing. I've not needed to know anything about it since NT was introduced. However, if my coding required anything security-related, I would thus know quite a bit about it.
"The pointy end goes in the other man." - Antonio Banderas (Zorro, 1998)
-
Here is a scenario where you must know DACL, because the NULL will not work. If you have two processes, one of which is running as a service under the local system account, and you want each one to be able to open a mutex, but you do not want the mutex to have 'wide open' access, then you must apply a DACL.
This is all well and good, but suppose the process which is running as a service created the mutex, and the other process is running under the security context of the logged-on user. The logged-on user process will not be able to open the mutex if it was created under the context of the service (which usually runs as local system) - it will get access denied. So, then you have to apply the correct kinds of DACL to not only secure the object, but to allow it to be opened by the correct types of users.
Typically, the NULL DACL will either assign the object the security context of the process which created it, or give the object access to 'everyone'. In some cases, like the one mentioned here, neither case is a workable solution, so a non-NULL DACL must be applied.
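The service-side fix from the scenario above, as an added example that is not code from the thread: the mutex gets an explicit DACL built from an SDDL string instead of NULL for lpSecurityAttributes. The function names, the mutex name and the choice of LocalSystem (SY) and interactive users (IU) as trustees are assumptions; off Windows only the SDDL builder compiles.

```c
/* Added example, not code from the thread; all names here are hypothetical. */
#include <stdio.h>
#include <string.h>
#define RIGHT_SYNCHRONIZE        0x00100000UL /* SYNCHRONIZE: wait on the mutex */
#define RIGHT_MUTEX_MODIFY_STATE 0x00000001UL /* MUTEX_MODIFY_STATE */

/* SDDL for the DACL (trustees are an assumption): full control for LocalSystem
 * (SY, the service), only the rights needed to use the mutex for interactively
 * logged-on users (IU). Returns 0 on success, -1 if the buffer is too small. */
int build_mutex_sddl(char *out, size_t cap) {
    int n = snprintf(out, cap, "D:(A;;GA;;;SY)(A;;0x%08lx;;;IU)",
                     RIGHT_SYNCHRONIZE | RIGHT_MUTEX_MODIFY_STATE);
    return (n > 0 && (size_t)n < cap) ? 0 : -1;
}

#ifdef _WIN32
#include <windows.h>
#include <sddl.h> /* link with Advapi32.lib */
/* Service side: create the named mutex with the explicit DACL instead of
 * passing NULL for lpSecurityAttributes. The caller closes the handle. */
HANDLE create_shared_mutex(const char *name) {
    char sddl[64];
    PSECURITY_DESCRIPTOR sd = NULL;
    SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, FALSE };
    HANDLE h;
    if (build_mutex_sddl(sddl, sizeof sddl) != 0) return NULL;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorA(
            sddl, SDDL_REVISION_1, &sd, NULL)) return NULL;
    sa.lpSecurityDescriptor = sd;
    h = CreateMutexA(&sa, FALSE, name);
    LocalFree(sd);
    return h;
}
#endif

int main(void) {
    char sddl[64];
    if (build_mutex_sddl(sddl, sizeof sddl) != 0) return 1;
    printf("DACL: %s\n", sddl);
#ifdef _WIN32
    {   /* "Global\" prefix so a client in the user's session finds the object */
        HANDLE h = create_shared_mutex("Global\\ExampleServiceMutex");
        printf("CreateMutex: %s\n", h ? "ok" : "failed");
        if (h) CloseHandle(h);
    }
#endif
    return 0;
}
```

The user-side process would then open the mutex with OpenMutex, requesting only SYNCHRONIZE | MUTEX_MODIFY_STATE; a request for broader access is denied by this DACL.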