Re: Strange security question. (hiding directories)

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Children's Services, Sunnyvale Library: "Thanks!"
• Previous message: Children's Services, Sunnyvale Library: "Re: Strange security question."

That's really odd that hiding those directories doesn't work with Direct
Access, from a programmer's point of view. That means that instead of just
trying to use ("open") a file, Direct Access first looks for it using the
same system call that is used in the DIR command, and is specifying NOT to
look for hidden files (directories).

Most programs say "open file xxx", and if the file doesn't exist an error is
returned to the program. The "open file" DOS system call will open hidden
files just fine. From my point of view it is silly (plus a lot more
programming work) to use the DOS system calls to read the directory to see
if a file exists (and risk not finding hidden files) and then using the
"open file" call (which, by the way, you still need to check that the file
was indeed opened). But, once again, my opinion.

The point of hiding directories is to 1) make it harder for people to snoop
around the computer and find unprotected files they could overwrite, and 2)
to force your downloaded files into one directory -- making it less likely
to overwrite important files, and to make your job of cleaning up your hard
disk easier. (If a patron doesn't know other directories exist then they
can't save files to those directories.)

I have never had a need to use Direct Access, but maybe I should test out a
copy. Does anyone know if they have a web site?

What I would try with Direct Access is to place it in a subdirectory of a
subdirectory. That is, if Direct Access is currently in C:\DA, for example
and making C:\DA hidden causes problems, I would create a directory called
C:\menu and then place Direct Access in C:\menu\DA. Perhaps hiding C:\menu,
and not hiding C:\menu\DA would work. But, that's probably more work than
it is worth.

>Another question- I want to set my working directory in Netscape so that
>downloaded stuff goes to one directory; I'm using 1.2 and can't find the
>command. Is that only for later versions?

The working directory is a Windows setup parameter, not a Netscape parameter
(although it should be a setting in Netscape!).

To change the "working directory":

IF you use Windows built in security, Program Manager's Restrictions, first
turn restrictions off by editing progman.ini and changing the [restrictions]
line to, say, [restrictionsoff]. Restart Windows, and you will have full
control of Program Manager. If you use some other type of security program
that limits Program Manager's menu options, disable your security (e.g. log
in with the administrator password).

Then in Windows, click on the Netscape icon in Program Manager, then select
"File/Properties" and enter in the working directory.

Now, this "working directory" is only the starting or default directory.
The first time a patron goes to download a file this will be the default
directory where files are saved. If, for example, they change to the
unhidden Direct Access directory and save a file, the Direct Access
directory will be the new working directory until Netscape is restarted from
the Program Manager icon again.

Once you have this working directory set, you may wish to add lines to your
AUTOEXEC.BAT file to automatically clean this directory each time the
computer starts. What we do is delete the entire directory and then
recreate it by using the DOS command DELTREE and MKDIR commands.

The following commands are placed in AUTOEXEC.BAT to clean the C:\patron
directory.

rem -- clean the patron directory
deltree /Y c:\patron>nul
mkdir c:\patron>nul

NOTES: the "/Y" following the deltree command says don't show a warning
message and don't prompt asking if it is indeed what I want to do. The
">nul" at the end of each command says "Don't display any output messages".

Our Netscape icon's Working Directory is set to C:\patron and all direcories
except C:\patron are hidden. When a patron is downloading, they can only
see two directories on the computer: C:\ (the root directory) and C:\patron.

This means that people can download to the root as well as to the C:\patron
directory. So you should really clean out the root directory too.

You can't use the DELTREE command on the root, so you have to use the DEL
command. Luckily, the DEL command won't delete hidden or readonly files.
So you make the files you want (and need) to protect hidden and readonly
(io.sys, msdos.sys, config.sys, autoexec.bat typically) and use the command
"del *.*".

But if you have ever used the delete command like this you know that it will
ask "Are you sure? <Y/N>" and then you have to press "Y". So we need a way
to enter the "Y" to the command. To do this we create a file that contains
the "Y" letter we press when DEL asks "Are you sure?". We will put this "Y"
in a file called "yes".

At the root directory type the following to create the "yes" file:

C:\>copy con yes
Y
^Z
1 file(s) copied

C:\>

This says copy from the console (con) to a file called "yes". The console
is the keyboard so anything you type goes into the file "yes". Type the
letter "Y" followed by pressing the "Enter" key. Then type Control-Z
(Ctrl+Z) to finish creating the file. We need to keep this file around, so
then "attrib +r +h yes" to make it readonly and hidden.

Now use these commands in your AUTOEXEC.BAT file to clear out the root
directory each time the computer starts:

rem ===== Erase all non-hidden and non-readonly files
rem WARNING: This does delete all files in the root that
rem are not marked readonly or hidden.
rem Don't place any files you need to keep in the
rem root directory without marking protecting them.

rem -- make sure we are in the root directory
cd \

rem -- create a file that we can delete -- this prevents the message
rem "File not found"

echo "Delete me">delete.me

rem -- now delete all files using the file "yes" to press the "Y" key
automatically.

del *.*<yes>nul

rem ---------------------------------------------------

Notes: the "<yes" says to read input from the file "yes", which contains
the letter "Y". So when the DEL command asks "Are you sure <Y/N>?" the
"yes" file answers the question for us.

If a file is marked readonly but *NOT* hidden, you will see a message
"Access denied" on the screen. That's why I say to make the file hidden as
well. Also, the ">nul" prevents the "Are you sure <Y/N>?" message from
being displayed.

Now, this DOES do what it says! It will delete all files in the root that
aren't marked readonly and hidden. So it would be a very smart thing to
copy all files in the root to another directory for backup.

Okay, enough for now. If anyone has any other questions please post them
here and I'll be happy to answer or explain (or make it up) if I can.

Bill Moseley
mailto:moseley@netcom.com

• Next message: Children's Services, Sunnyvale Library: "Thanks!"
• Previous message: Children's Services, Sunnyvale Library: "Re: Strange security question."

For information about training, or using materials found on this website, please contact the Infopeople Project Assistant by email at assist@infopeople.org or by phone at 650-578-9685.

© 2008 Infopeople Project. Material on this website is licensed under a Creative Commons License. The Infopeople Project is supported by the U.S. Institute of Museum and Library Services under the provisions of the Library Services and Technology Act, administered in California by the State Librarian.