How to implement security in a graphical application?

I am writing a GUI application that will have a user login function. Each user will belong to (at least one, possibly more than one) group, and each group will have attributes indicating whether certain rights are allowed or denied. The list of rights will cover things like editing things from the past, printing, deleting data, etc. Many different actions can be processed with the same right (printing can be initiated both from the menu and from the toolbar, for example).

My question is: what is the best way to implement this security system? Should each action have a Boolean isSecurable attribute and a list of required rights? Should verification be performed by a central structure, or should each action check for the rights it needs itself?

I am aiming for correctness here. I know that I could quickly hack together something that works, but I would like something that will not cause problems in the future. I apologize for the long explanation, but I'm not even sure what to call what I'm looking for.

Edit: I don't think this is very GUI-specific, but I have done some reading on the topic, and most of what I find is either about web applications or general advice on secure programming.



"BCS" , , //, . MVC , .

, , - (, ), .

: , , "" .


- MVC GUI. , , .

, , -, , , , .

, - :

, , / .


.NET, . -, , MSDN.


. , , . . , -, , .

, Decorator.


, , . , , -.

(Windows GUI MySQL), Delphi 7.

. Factory (), , , .

, .

, , . , , . , .

, - :

  • " " "/ ",
  • "/ ",
  • .

:

unit bitwise; // Found this unit on stackoverflow - All credit to original author

interface

// Right flags: one bit each, combinable with "or" into a mask.
// A Byte holds at most eight such flags; seven are defined here.
const
  Adm = 01; // Administrator
  Rws = 02; // Read Write Sales
  Ros = 04; // Read Only Sale
  Rwp = 08; // Read Write Production
  Rop = 16; // Read Only Production
  roa = 32; // Read Only All
  acc = 64; // Accounting

// True when at least one bit of TheBit is set in val. With a multi-bit
// mask this is "any-of", not "all-of": it does not require every bit.
function IsBitSet(const val: byte; const TheBit: Byte): Boolean;
// val with every bit of TheBit set.
function BitOn(const val: byte; const TheBit: Byte): byte;
// val with every bit of TheBit cleared.
function BitOff(const val: byte; const TheBit: Byte): byte;
// val with every bit of TheBit inverted.
function BitToggle(const val: byte; const TheBit: Byte): byte;

implementation

function IsBitSet(const val: byte; const TheBit: Byte): Boolean;
var
  masked: Byte;
begin
  masked := val and TheBit;
  Result := not (masked = 0);
end;

function BitOn(const val: byte; const TheBit: Byte): byte;
begin
  Result := TheBit or val;
end;

function BitOff(const val: byte; const TheBit: Byte): byte;
begin
  Result := val and (not TheBit);
end;

function BitToggle(const val: byte; const TheBit: Byte): byte;
begin
  Result := TheBit xor val;
end;

end.  // End of Unit

, , -, , .

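// Advisory UI-side rights check. Returns True when the form's rights byte
// holds at least one bit of Need (any-of semantics, via IsBitSet); otherwise
// shows an informational "Security" dialog naming Msg and returns False.
//   Need - one right flag, or several combined with "or"
//   Msg  - human-readable name(s) of the right(s), spliced into the dialog text
// NOTE(review): rights is read from the form (not shown here) and the check
// runs on the client; whatever data the action touches presumably needs the
// same rule enforced where the data lives — confirm against the data layer.
// The original declaration read "Msg: String;)" — the stray ";" before ")"
// does not compile and is removed here.
Function TForm1.HasRights(Need: Byte; Msg: String): Boolean;
Begin
  Result := IsBitSet(rights, Need);
  If Not Result Then
    // Only the middle "Ok" button is shown: the user is told, not asked.
    showdialog('Security', 'You have insufficient Security Rights!', 'You must have ' +
      Msg + ' access to perform the action you have attempted.', '', '', False, False, True);
End;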

:

// Example: one HasRights call guards the action; holding any one of the
// three rights is enough, and a refusal is reported by HasRights itself.
If HasRights(Adm Or Rwp Or Rop, '"Read Only Production" or "Read / Write Production"') Then
Begin
  // Do something they are allowed to do
End // else ignore them

, IsBitSet :

// Example: a silent check (no dialog on refusal); the IsBitSet test written out
// inline as the same "and <> 0" mask comparison.
If (rights and Adm) <> 0 Then
Begin
  // Do stuff
End;

, ShowDialog.. , , .

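// Shows a Tcraigsdialog form modally and reports which button closed it.
//   DialogTitle                     - window caption
//   FirstCaption, SecondCaption     - texts of Label1 and Label2
//   ConfirmBCaption, CancelBCaption - captions of Modal1Button and Modal2Button
//   LeftButton, RightButton,
//   MiddleButton                    - visibility of Modal1Button / Modal2Button / Modal3Button
// Returns True for modal results 1 and 3, False for 2 and for any other
// result (e.g. the window closed some other way), since the flag starts False.
// Fixes: the case branches lacked the ";" separators Pascal requires, and the
// dialog was freed outside a try/finally, so an exception from ShowModal
// would leak the form instance.
Function TForm1.showdialog(Const DialogTitle: WideString; Const FirstCaption: WideString;
  Const SecondCaption: widestring; Const ConfirmBCaption: widestring; Const CancelBCaption:
  widestring; LeftButton, RightButton, MiddleButton: Boolean): boolean;
Var
  whattheysaid: boolean;
  craigsdialog: Tcraigsdialog;
Begin
  // Modal1Button and Modal2Button can have modified captions whereas Modal3Button
  // is always "Ok". If the only button a user needs is "Ok" then make it visible
  // and receive a modalresult of 3 when clicked. This 3rd button is for appearance
  // only and just makes it a bit neater.

  whattheysaid := False;
  craigsdialog := Tcraigsdialog.Create(nil);
  try
    // Set the dialog details as required
    craigsdialog.Caption := DialogTitle;
    craigsdialog.Label1.Caption := FirstCaption;
    craigsdialog.Label2.Caption := SecondCaption;

    craigsdialog.Modal1Button.Visible := LeftButton;
    craigsdialog.Modal2Button.Visible := RightButton;
    craigsdialog.Modal3Button.Visible := MiddleButton;

    craigsdialog.Modal1Button.Caption := ConfirmBCaption;
    craigsdialog.Modal2Button.Caption := CancelBCaption;

    Case craigsdialog.ShowModal Of
      1: whattheysaid := True;
      2: whattheysaid := False;
      3: whattheysaid := True;
    End;
  finally
    // Runs even if ShowModal raises, so the form never leaks.
    FreeAndNil(craigsdialog);
  end;
  Result := whattheysaid;
End;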

, , .
