"Wait a minute," you're probably thinking. "That's (1) bad practice and (2) not allowed." Although I agree it's not an ideal location, it's not a completely bad practice. The reason for the program folder being read-only is to prevent malware from attacking your EXE and DLL files. Putting only data files into a Data subdirectory doesn't open any security holes because no executables go there.
As for not being allowed, that's true by default. However, you can easily change permissions on the folder when your installer creates it. In Inno Setup, simply create your directory like this:
[Dirs]This gives all users the ability to write to the folder.
Name: "{app}\Data"; Permissions: everyone-modify
I don't store much in Data, certainly not the data files my application uses. The main thing stored there is an INI file that contains a setting specifying the location of the data files. When the user starts the app for the first time, a dialog prompts them for the data file location and writes the response to the INI file (which it can do because the INI file is in the writable Data folder). Our app looks in a consistent writable location for the INI file, making the code easy.
3 comments:
I have a couple of questions about this idea Doug:
1) Opening up the folder with the permisions: while you are not writing any EXE or DLL, couldn't a sneaky malware app find this folder and write to it on its own and put in an EXE the user could run from Explorer unintentionally?
2) Does the file still get virtualized?
For some reason, I didn't see your comment before today; sorry about that, Rick.
1. Yes, but that could happen in any folder that's writable.
2. No.
This is too simple a question, but why could Vista not keep track of your .EXEs starting folder and give ONLY that EXEs processes permission to write to it's own folder?
Post a Comment