Ini Exposed!
Moderators: Tyler, Scott, PWB v2 Moderator
Ini Exposed!
Question:
How do I prevent users from hacking the pwb.ini file?
I have set the whole folder as hidden, removed Folder Options from the toolbar to prevent turning Show Hidden Files back on. I tried making all ini files super hidden, but that didn't work. There are other numerous ways of accessing this file. For instance in Word > Insert Hyperlink you can see everything. Or access from another PC with Show Hidden Files turned on.
I have tried renaming it and shifting it to a different folder, but SetPwb doesn't make PWB.exe look there, all I get is an error when trying to open Pwb. This is only a partial solution anyway because a dedicated person can easily find it.
What I need is password access to this file. Does anyone else have this problem?
Maybe when the tabbed selection option comes up, a password to access the password would be nice.
I noticed in another post, someone mentioned keyboard mapping - I think I will try that out for a short term lark.
How do I prevent users from hacking the pwb.ini file?
I have set the whole folder as hidden, removed Folder Options from the toolbar to prevent turning Show Hidden Files back on. I tried making all ini files super hidden, but that didn't work. There are other numerous ways of accessing this file. For instance in Word > Insert Hyperlink you can see everything. Or access from another PC with Show Hidden Files turned on.
I have tried renaming it and shifting it to a different folder, but SetPwb doesn't make PWB.exe look there, all I get is an error when trying to open Pwb. This is only a partial solution anyway because a dedicated person can easily find it.
What I need is password access to this file. Does anyone else have this problem?
Maybe when the tabbed selection option comes up, a password to access the password would be nice.
I noticed in another post, someone mentioned keyboard mapping - I think I will try that out for a short term lark.
Aze1
Hi Aaron,
You could change the file permissions on the files to read only...
Right-click > Properties > Security > Permissions
This assumes you are using an NT based OS which will be more robust about security. You make the changes logged on as an administrative user and allow only read access to normal users.
It won't stop your customers looking at it, but they won't be able to make changes.
Most other loop holes in your security can be shut down, but I still haven't seen a way to stop Word from looking at files on the HDD. (You can use ManageIE to stop the hyperlinks though).
Greg
You could change the file permissions on the files to read only...
Right-click > Properties > Security > Permissions
This assumes you are using an NT based OS which will be more robust about security. You make the changes logged on as an administrative user and allow only read access to normal users.
It won't stop your customers looking at it, but they won't be able to make changes.
Most other loop holes in your security can be shut down, but I still haven't seen a way to stop Word from looking at files on the HDD. (You can use ManageIE to stop the hyperlinks though).
Greg
A thought just occurred to me:
Dependent on your OS, you could even eliminate read access to the files and run PWB using different credentials. XP offers a pretty simple means of doing this, and there are several tools available to make the process more automated and secure in a public environment.
I haven't tried this with PWB (but I have with other programs), so I'd be interested to hear if anyone on the forus has tried this (successfully or otherwise).
Now I think I'll add this to my list of things to experiment with.... :)
Greg
Dependent on your OS, you could even eliminate read access to the files and run PWB using different credentials. XP offers a pretty simple means of doing this, and there are several tools available to make the process more automated and secure in a public environment.
I haven't tried this with PWB (but I have with other programs), so I'd be interested to hear if anyone on the forus has tried this (successfully or otherwise).
Now I think I'll add this to my list of things to experiment with.... :)
Greg
Hi,
On our XP stations, PWB and it's related files are all housed on a network share. I have the "AutoComplete" turned off in the Internet Options, and the user does not have access to the Network Neighborhood or Show Entire Network - so, "in theory," there is no way for them to directly view the network share, and consequently view the ini file. Also, most of our patrons wouldn't know where to begin when it comes to interpreting an INI file *chuckles*... but I suppose some would be.
I just realized one thing, though - I need to reposition the desktop PWB icon... because when the computer boots up, the mouse pointer happens to be on that link, and it displays the full UNC path to the shortcut (which is also on the same network share)
Time to fix that...
On our XP stations, PWB and it's related files are all housed on a network share. I have the "AutoComplete" turned off in the Internet Options, and the user does not have access to the Network Neighborhood or Show Entire Network - so, "in theory," there is no way for them to directly view the network share, and consequently view the ini file. Also, most of our patrons wouldn't know where to begin when it comes to interpreting an INI file *chuckles*... but I suppose some would be.
I just realized one thing, though - I need to reposition the desktop PWB icon... because when the computer boots up, the mouse pointer happens to be on that link, and it displays the full UNC path to the shortcut (which is also on the same network share)
Time to fix that...
Ok it seems that this is an issue that the mods need to look at.
I am actually running ME so most things you suggest wont work too well.
But I did actually work out a nifty trick to tide me over till I can sort out something else.
I looked up Character Map, and found some fonts that just look like square boxes and require a keyboard shortcut key like this one:
I am actually running ME so most things you suggest wont work too well.
But I did actually work out a nifty trick to tide me over till I can sort out something else.
I looked up Character Map, and found some fonts that just look like square boxes and require a keyboard shortcut key like this one:
Aze1
How about we add a registry entry that PWB checks for the INI location. This would allow the INI file to be hidden on the computer. Or we could have PWB read all the INI settings from the registry instead of using an INI file. We chose to use the INI because it adds flexibility to the configuration.
--Scott
--Scott
I would rather have just an option to read the INI file location from a registry entry - although I work at a small library, that would mean that every time I need to update or reconfigure PWB, I would need to disable security on 7 computers, make the registry changes locally, then reenable security, etc. etc. I can't imagine how our resource library would fare with ten times as many computers
By using the INI file on a network share, I make one change, and instantly all of the computers in our library are up to date, without having to make a single change on the local computers.
Just my $.02
By using the INI file on a network share, I make one change, and instantly all of the computers in our library are up to date, without having to make a single change on the local computers.
Just my $.02
Hi spragers,
I wrote a little perl script to make all of our registry changes remotely from an admin computer. I use it to enable/disable security settings quickly, but it could be used in situations like this, plus you can specify exactly which PCs you want to effect.
Of course, eventually Scott could add remote functionality to whatever utility we use to make the changes anyway.
(Select the Ini settings to change) >
(Select the computers you want them to effect) >
(Hit OK)
Greg
I wrote a little perl script to make all of our registry changes remotely from an admin computer. I use it to enable/disable security settings quickly, but it could be used in situations like this, plus you can specify exactly which PCs you want to effect.
Of course, eventually Scott could add remote functionality to whatever utility we use to make the changes anyway.
(Select the Ini settings to change) >
(Select the computers you want them to effect) >
(Hit OK)
Greg
Hi,
We also use hard disk security software (DriveShield), so to change even one setting requires multiple reboots and security setting changes, etc. etc.
I'm not saying it wouldn't be a nice feature to put those settings in the registry as well, I just hope that the INI file remains an option as well
We also use hard disk security software (DriveShield), so to change even one setting requires multiple reboots and security setting changes, etc. etc.
I'm not saying it wouldn't be a nice feature to put those settings in the registry as well, I just hope that the INI file remains an option as well
I am currently adding options for registry settings for PWB configuration.
Registry setting to supply INI path.
All INI settings will be mirrored in the registry. PWB will read the settings first from the INI file, then the HKEY_LOCAL_MACHINE, then the HKEY_CURRENT_USER. With the settings being set in the respective order. This will give the option to have some or all the settings in the INI or the registry.
--Scott
Registry setting to supply INI path.
All INI settings will be mirrored in the registry. PWB will read the settings first from the INI file, then the HKEY_LOCAL_MACHINE, then the HKEY_CURRENT_USER. With the settings being set in the respective order. This will give the option to have some or all the settings in the INI or the registry.
--Scott
Here is a new version of PWB that includes the fixes and settings listed below. I did include a new INI file in the zip file, make sure you do not overwrite your current INI file.
www.teamsoftwaresolutions.com/beta/PWBv205r1.zip
--Scott
Version 2.05 revision 1 beta
Fixed Windows fonts in menus.
Fixed second window sizing problem.
Added support for alternate INI path specification in the Windows Registry.
If no INI is specified on the command line, PWB will look in the following locations for the INI file or INI path. In the event all the following are specified, PWB will use the last specified in the following order.
1. Current directory for PWB.INI
2. HKEY_LOCAL_MACHINE\Software\TeamSoftware Solutions\Public Web Browser v2\INI_Path
3. HKEY_CURRENT_USER\Software\TeamSoftware Solutions\Public Web Browser v2\INI_Path
Added support for all INI settings to be in the Windows Registry.
1. Each setting can be specified in any of the listed Locations.
2. All settings in the Windows Registry are of String type.
3. With settings in multiple locations, the last location will take precedence.
4. The "Key" and "Value" below correspond to the Section and key information in the INI file.
Example:
[Browser] HomePage=
HKEY_CURRENT_USER\Software\TeamSoftware Solutions\Public Web Browser v2\Browser\HomePage
Configuration information will be read from the following location in this order.
1. Normal PWB INI file.
2. HKEY_LOCAL_MACHINE\Software\TeamSoftware Solutions\Public Web Browser v2\"Key"\"Value"
3. HKEY_CURRENT_USER\Software\TeamSoftware Solutions\Public Web Browser v2\"key"\"Value"
The following keys have been added to the PWB INI file but will not be official until PWB v2.06.
These keys do not need to be added to the PWB v2.05 INI file for this revision to work.
Each key has been disabled by default in PWB if the key is not found in the INI file.
[Browser] AutoSizeButtons=False
[Browser] DisableIESubClass=False
[Security] ShowFilterStatus=False
[Security] FilterOnText=<Filter On>
[Security] FilterOffText=<Filter Off>
[Security] ShowProxyStatus=False
[Security] ProxyOnText=<Proxy On>
[Security] ProxyOffText=<Proxy Off>
[Security] ShowDenyDialogOncePerSession=False
[Overrides] DisableFilters=
www.teamsoftwaresolutions.com/beta/PWBv205r1.zip
--Scott
Version 2.05 revision 1 beta
Fixed Windows fonts in menus.
Fixed second window sizing problem.
Added support for alternate INI path specification in the Windows Registry.
If no INI is specified on the command line, PWB will look in the following locations for the INI file or INI path. In the event all the following are specified, PWB will use the last specified in the following order.
1. Current directory for PWB.INI
2. HKEY_LOCAL_MACHINE\Software\TeamSoftware Solutions\Public Web Browser v2\INI_Path
3. HKEY_CURRENT_USER\Software\TeamSoftware Solutions\Public Web Browser v2\INI_Path
Added support for all INI settings to be in the Windows Registry.
1. Each setting can be specified in any of the listed Locations.
2. All settings in the Windows Registry are of String type.
3. With settings in multiple locations, the last location will take precedence.
4. The "Key" and "Value" below correspond to the Section and key information in the INI file.
Example:
[Browser] HomePage=
HKEY_CURRENT_USER\Software\TeamSoftware Solutions\Public Web Browser v2\Browser\HomePage
Configuration information will be read from the following location in this order.
1. Normal PWB INI file.
2. HKEY_LOCAL_MACHINE\Software\TeamSoftware Solutions\Public Web Browser v2\"Key"\"Value"
3. HKEY_CURRENT_USER\Software\TeamSoftware Solutions\Public Web Browser v2\"key"\"Value"
The following keys have been added to the PWB INI file but will not be official until PWB v2.06.
These keys do not need to be added to the PWB v2.05 INI file for this revision to work.
Each key has been disabled by default in PWB if the key is not found in the INI file.
[Browser] AutoSizeButtons=False
[Browser] DisableIESubClass=False
[Security] ShowFilterStatus=False
[Security] FilterOnText=<Filter On>
[Security] FilterOffText=<Filter Off>
[Security] ShowProxyStatus=False
[Security] ProxyOnText=<Proxy On>
[Security] ProxyOffText=<Proxy Off>
[Security] ShowDenyDialogOncePerSession=False
[Overrides] DisableFilters=