Wednesday, December 05, 2007

Where Should Data go in Vista?

In part 1 of my two-part Advisor article on Windows Vista (http://advisor.com/doc/18897), I discussed some of the recommended places writable files should go in Vista. (To refresh your memory, your program files folder is most likely read-only even for administrators, so you can't store anything that needs to be updated there, such as your application's tables, INI files, etc.) However, I've recently changed where I store some writable data to a Data subdirectory of the program folder. The reason: I need a consistent location to look for global (that is, not user-specific) data. If the user installs the app on a server, I can't use a location like {CommonAppData} because that's on the user's hard drive. I need a location I can always count on regardless of whether the app's on a local or network drive.

"Wait a minute," you're probably thinking. "That's (1) bad practice and (2) not allowed." Although I agree it's not an ideal location, it's not a completely bad practice. The reason for the program folder being read-only is to prevent malware from attacking your EXE and DLL files. Putting only data files into a Data subdirectory doesn't open any security holes because no executables go there.

As for not being allowed, that's true by default. However, you can easily change permissions on the folder when your installer creates it. In Inno Setup, simply create your directory like this:

    [Dirs]
    Name: "{app}\Data"; Permissions: everyone-modify

This gives all users the ability to write to the folder.

I don't store much in Data, certainly not the data files my application uses. The main thing stored there is an INI file that contains a setting specifying the location of the data files. When the user starts the app for the first time, a dialog prompts them for the data file location and writes the response to the INI file (which it can do because the INI file is in the writable Data folder). Our app looks in a consistent writable location for the INI file, making the code easy.
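The approach above rests on the premise that the writable Data folder holds data files and no executables. As an added example (not from the original post or the author's application), this Python check audits such a folder for files that break that premise, looking at file headers as well as extensions. The extension lists, the `.ini` allow-list and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Extensions Windows will launch or load directly (assumed list; extend as needed).
EXEC_EXTS = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js", ".msi", ".lnk"}
# Hypothetical allow-list of what the application itself stores in Data.
ALLOWED_EXTS = {".ini"}

def classify(path):
    """Return a reason string if the file violates the data-only rule, else None."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        magic = fh.read(2)
    if magic == b"MZ":                      # PE/DOS header, whatever the extension
        return "PE header (MZ)"
    if ext in EXEC_EXTS:
        return "executable extension " + ext
    if ext not in ALLOWED_EXTS:
        return "unexpected file type " + (ext or "(none)")
    return None

def audit_data_dir(data_dir):
    """Walk data_dir and return sorted (relative_path, reason) findings."""
    findings = []
    for root, _dirs, files in os.walk(data_dir):
        for name in files:
            full = os.path.join(root, name)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, data_dir), reason))
    return sorted(findings)

def demo():
    """Build a constructed Data folder in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "settings.ini": b"[Paths]\nDataDir=\\\\server\\share\\appdata\n",
            "update.exe": b"MZ\x90\x00",          # constructed: executable in Data
            "notes.txt": b"MZ\x90\x00",           # constructed: PE header, data-like name
            "run.bat": b"@echo off\n",
        }
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return audit_data_dir(d)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Pointing `audit_data_dir` at the installed `{app}\Data` folder at application start-up or from a scheduled task gives a list of findings to log or alert on; an empty list means the folder still holds only the expected INI file.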

3 comments:

Rick Schummer said...

I have a couple of questions about this idea, Doug:

1) Opening up the folder with the permissions: while you are not writing any EXE or DLL, couldn't a sneaky malware app find this folder and write to it on its own and put in an EXE the user could run from Explorer unintentionally?

2) Does the file still get virtualized?

Doug Hennig said...

For some reason, I didn't see your comment before today; sorry about that, Rick.

1. Yes, but that could happen in any folder that's writable.

2. No.

Anonymous said...

This is too simple a question, but why could Vista not keep track of your .EXE's starting folder and give ONLY that EXE's processes permission to write to its own folder?