What is the difference between the User scope and Application scope in app.config?
User-scope settings are used to store values specific to each individual user, whereas application-scope settings are used for all users.
Take a look at this article.
User Scoped Settings will only affect the current user and are relatively safe to set. They are stored in a user specific location so there is no real issue with writing to them.
Application Scoped Settings on the other hand are read-only and cannot be changed
Related
I see an edit variable permission that is scoped to the environment. However, it seems like who ever is responsible for setting up the project, would be responsible for creating the variables, where some other security entity would be responsible for only modifying the values, specifically the secure ones. Is this possible?
Edit:
Adding a little more, I suppose I'm asking for permissions based on the project variable set. Only those with the "EditProjectVariableSet" permission would be able to add or remove variables from the project.
Edit:
Added uservoice:
https://octopusdeploy.uservoice.com/forums/170787-general/suggestions/18022360-separate-permission-for-editing-variable-values-wi
In the Configuration->Teams there is a link to Roles.
You could create a new role, for ex: Variable Editor and only assign VariableEdit, VariableEditUnscoped, VariableView, VariableViewUnscoped.
However I don't think you can restrict to a modification only.
I'm having trouble with my own AppleScript applications and Accessibility in "Security & Privacy".
I've written an application called "open cubase" that I've granted accessibility rights. I used Apple's advice on how to prevent repeated re-authorization (http://support.apple.com/kb/HT5914). But now even when the application is listed and selected in the Accessibility list, it says that it doesn't have assistive access.
And when I'm using
sudo sqlite3 /Library/Application\ Support/com.apple.TCC/Tcc.db 'SELECT * FROM access WHERE client LIKE "%%"'
to check what's going on, I can see this:
kTCCServiceAccessibility|com.atonus.open-cubase|0|1|0|??
Why is there ?? at the end of that? Is there anyone who would know how to resolve this?
I'm using OSX 10.9.2.
Update, based on feedback from the OP:
The OP's issue is not the use of property statements that normally cause an AppleScript-based application to self-modify the application bundle's embedded Contents/Resources/Scripts/main.scpt script file when property values change at runtime.
However, Apple's workaround at http://support.apple.com/kb/HT5914
IS specifically meant to address not requiring re-authorization as a result of this self-modification issue for a given version of an application.
is NOT meant to allow updating the app (changing its source code or resources) without re-authorization.
For security reasons there is NO way to grant one-time authorization to an app based on its bundle ID and then keep it authorized no matter how it changes (e.g., through updates).
You have two options:
Either: Re-authorize the application every time you update it.
After updating your app, go to System Preferences > Security & Privacy > Privacy > Accessibility and toggle the checkmark next to the list item representing your application (if you application isn't there, drag it there).
Note: With Apple's workaround in place - which for security reasons is NOT a good idea unless you truly need to use property statements that persist their values - it may be sufficient to re-sign the application - haven't verified that.
Or: Use a workaround - not recommended for security reasons:
Make your app an unchanging wrapper that loads the true script code at runtime from a location OUTSIDE the app bundle - that way, the app stays the same and doesn't require re-authorization even if the script file loaded at runtime changes.
Example: Say your true script code - involving code requiring assistive access - is stored as ~/Desktop.test.scpt; your wrapper application, once authorized, can then invoke that script with run script file ((path to home folder as text) & "Desktop:test.scpt")
I don't have a specific explanation, but a recommendation:
Do not use properties (e.g., property FNAME : "Input.txt") in your AppleScript-based applications: AppleScript persists these automatically (preserves their values between runs), but the feature is implemented awkwardly (the persisted values are written to the *.scpt file itself - this is what causes the repeated authorization problem) and flimsily (if you modify your application and save (the *.scpt file at the heart of the) application again, previously persistent values are lost).
If you stay away from properties, the problem with repeated authorization simply goes away (unless you update your application). You can roll your own persistence, e.g., via AppleScript's support for .plist (property-list) files (see the System Events dictionary).
You also won't need the workaround described in the linked support article (http://support.apple.com/kb/HT5914), which is also a plus, given that the workaround is based on opening up a security hole.
As for your specific question:
The ?? is the - unhelpful - representation of the csreq columnn value from the TCC.db database and is not a problem per se; OSX manages that column behind the scenes; it contains a fingerprint of sorts identifying the application in its specific current form (similar to an MD5 hash, though I have no idea what is actually being used), so as to be able to detect tampering later.
However, I suspect you may be looking at the wrong database entry:
I'm puzzled by your bundle ID being com.atonus.open-cubase: if your app is an AppleScript-based *.app bundle, its bundle ID would have the fixed prefix com.apple.ScriptEditor.id., e.g., com.apple.ScriptEditor.id.open-cubase. Did you manually modify the bundle ID via the bundle's Info.plist file, or am I missing something?
When the OS determines tampering/a change in an authorized application:
It resets the allowed column value to 0, i.e., revokes authorization
It resets the csreq column value to NULL.
Thus, after you've seen the ... is not allowed assistive access dialog, the database entry should be reported as kTCCServiceAccessibility|com.atonus.open-cubase|0|0|1| - note the changed Boolean flags and the absence of the ?? at the end.
With a program that I'm working on, I have a need to be sure that keyboard access features like Sticky Keys is disabled for everyone.
I have code that can:
Change the active setting for the current user (enable or disable). This only affects the current user when they are logged in and is not something that is permanently set.
Change the registry setting for the current user (disabling by setting HKCU\Control Panel\Accessibility\StickyKeys\Flags to "506"). This only affects the current user's registry entry and will make sure that the settings are set for each time they log into Windows.
Change the registry setting for the ".DEFAULT" user in a similar way as item 2. This means that any new account that is set up on the computer will have Sticky Keys and the hot key for it disabled by default.
What I don't know how to do is to go about changing the setting for all of the existing users whose settings are in the registry when they are not logged in. Essentially, I want to be sure that Sticky Keys are disabled for them. Is there a convenient way that I can parse the registry for all existing user accounts and change that setting?
I Understand Your Problem, the answer is too long to post here,
Please Read this and it i think you will have your answer
let me know how you go
PS, The Link is safe and virus free, don't worry
DISABLING STICKY KEYS FOR ALL USERS
One Last thing, i thought might be useful in your situation
Please be advised that, when you Access a Hidden File called "Default" Under Users
C:\Users\Default
BE REALLY CAREFUL HERE (this file is critical)
Any Changes or settings made to this file will affect all users and all Future User Accounts
simple question here. What is the difference between putting a string in Settings.settings and putting a string in Resources.resx ?
Regards
In Settings.setting the string will be placed in a config file, bassicaly a xml document which stores all kind of information your application needs to run. It's best practice to store configurable information in here. Also you can set the scope of the config value (application and user).
Application scoped config values will be shared among all users, while the user ones are limited to the current executing user of the application.
The .resx file is the place for storing all kinds of stuff your application needs to run, like images and so on. Files in here should be normally not editable by the user, its as the name states, a resource pool for your application. Also resources are also always global.
I'm probably not the first one facing this problem, but I couldn't find a proper answer anywhere.
I have a Windows Forms application that uses a strongly-typed DataSet. The designer uses a connection string defined in the application settings. The trouble is that this setting is defined as Application scope (thus read-only), and I need to be able to change it at runtime. In the settings designer, when the type of a setting is "Connection String", it's not possible to change the scope to "User". And the generated dataset doesn't provide a constructor allowing to choose the connection string at runtime, it always uses the one in the settings.
Do you know why MS introduced this restriction? Do you have any workaround?
I'm currently using a workaround that's really ugly: I change the type of the setting to "String", and the scope to "User". That way, I can change it at runtime and it works fine. The trouble is that when I need to modify the dataset in the designer, I have to change it back to "ConnectionString", otherwise the designer doesn't work.
Thanks in advance for your suggestions!
You can change the value of an ApplicationScope setting at runtime. While the generated and strong-typed property is readonly you can use:
Properties.Settings.Default["App1"] = "bbb";
After that, Properties.Settings.Default.App1 will read "bbb";
This should make it possible to leave the design time setting alone.
You cannot use Settings.Default.Save() for ApplicationScope settings but that is intentional. A normal User does not have the privileges to write in a subfolder of Program Files