On Thu, 7 Oct 2010, Sven Barth wrote:
On 07.10.2010 14:21, Michael Van Canneyt wrote:
On Thu, 7 Oct 2010, Sven Barth wrote:
On 07.10.2010 13:43, Michael Van Canneyt wrote:
On Thu, 7 Oct 2010, Sven Barth wrote:
So: Norms? Thank you, but I'll pass on that and implement what I perceive as
simple and correct :-)
If the applications would keep their read only files in 'c:\program
files' and write only into those directories that they should (e.g.
user's appdata and global appdata (although this one should not be
used for sharing writable files...)) we wouldn't have all these
problems (virtual file store, UAC, etc.).
Some applications must write in the application directory.
Our apps do automatic updates at least once a month. The updates cannot
be postponed. I don't see how this can be achieved without writing in the
application directory.
As "updating applications" is an administrative task it should only be
done by those users that are allowed to do that.
Yes, but if the administrator must update 20 PCs manually every 2 weeks,
he quickly complains that he has better things to do, so it must be done
when the 'ordinary' user uses the application.
But this is one of the tasks that an administrator should do. He should check
that "his" computers are in good and up to date condition (that most admins
think a bit different about this is another story...)
Well, in schools the administrator is a teacher (usually maths or so) who
gets the additional job of managing the schools' IT structure. And all our
clients are schools.
I'm not making this up, it's just real life.
That's the problem :(
I am aware of the theory and the good practices, but in a commercial
environment, different rules enter the game. I just haven't found a
satisfying solution yet :-)
Perhaps the correct solution would be to create a user group that's named
e.g. "Michael's software users" and this group is granted write permission to
your software's main directory. Now every user who uses your software is
added to the group and voila! (that would even work on *nix systems)
Since those are usually all users of the PC, this amounts to giving all users
write permission to the app directory, which is what the admins do now :-)
Anyway, just to say that 'norms' are nice, but practice is another story.
I'll see about a more 'safe' gettempfilename() which is what the discussion
was all about in the first place.
Michael.
_______________________________________________
fpc-pascal maillist - fpc-pascal@lists.freepascal.org
http://lists.freepascal.org/mailman/listinfo/fpc-pascal