Subject Re: "aliases.conf" access problem under Windows Vista
Author Adam
--- In, "ove.bjerregaard"
<ove.bjerregaard@...> wrote:
> I have an application that can make new entries in aliases.conf.
> This is not possible under Windows Vista, as the application does not
> have write permission to the "Program Files" folder, unless the user
> starts the application with "Run as Administrator".
> This is a general Microsoft access limitation, and all documentation
> from Microsoft suggest that the correct thing to do is to put all
> static files (.exe, .dll etc.) in the "Program Files" folder, and all
> other files in the "Users\AppData" folder.
> It is possible to change the firebird.conf, so the Firebird server
> looks for the alises.conf file in a different location, but if this
> location is in the users "AppData" folder, this file will not be
> available for other users of the computer.
> So if I want to have one, central, single aliases.conf file for all
> users of the computer, where should I put it, and how should I do this?

It is not a "limitation". It is called "security". In fact, Windows XP
(heck any Windows that has NTFS) will only let you do this if you are
a power user or administrator.

I believe that allowing an arbitrary user to add or remove things from
the aliases.conf file is potentially a security flaw.

You also appear to be making the assumption that there is only a
single instance of Firebird on the computer in question. There is
nothing stopping you from installing different instances listening to
ports, each with their own aliases.conf. (It also begs the question of
how your application identifies which instance of aliases.conf it
returns). I also wouldn't be assuming that aliases.conf will be around
together, there are a number of requests that have come up in this
list in the past few months that, if implemented, would require
placing the aliases inside a database.

Presuming you have legitimate answers to the above questions, one
approach would be to write a service application. You don't mention
your programming environment, but if I was doing this in Delphi, I
would write a RemObjects server that listened to a TCP port. This
service would be installed as a user with write access to the Firebird
folder. The client application would make requests to the RemObjects
server (so the process working with the file from Windows perspective
would be the service running as a user with elevated privileges in
that folder). If your application is well written, it should only take
minutes to hours (depending on the complexity) to make these changes.