|
|
Hello Guys,
Am facing an issue with namespace regarding WindowsInstaller
My code is to Read a MSI file and to write, other operations etc.
OS: Windows 7, 64 BIT
VS: VS2013
(I have WiX Toolset v3.8 installed on my machine, which will assist in windows installer funstions)
My Code starts like this:
using System;
using System.Linq;
using WindowsInstaller;
using Microsoft.Deployment.WindowsInstaller;
using Microsoft.Deployment.WindowsInstaller.Linq;
namespace ReadMSI
{
Error: "the type or namespace name 'deployment' does not exist in the namespace 'microsoft'"
I have related .dll installed to the below location.
"C:\Program Files (x86)\WiX Toolset v3.8\bin\Microsoft.Deployment.WindowsInstaller.dll"
Not sure what am missing.
Is this any issue with installing WiX Toolset v3.8
Please assist.
|
|
|
|
|
You have to add a reference in your project to the DLL. Right-click the project, and choose "Add Reference". Then select the DLL.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
i am making a program to resize image according to measurement is given in textbox. and that should display in picturebox.
but my picturebox is changing dimension which is good, but my image is not fitting in that picturebox.
i tried image size mode function but it didnt work
|
|
|
|
|
megha_p wrote: i tried image size mode function but it didnt work It is unlikely that anyone can guess from that exactly what your code does, or what is meant by "it didnt work". Please edit your question, explain exactly what you are trying to do, show the code that tries to do it, and give full details of what results you expect and what you actually see.
[edit]
I notice that this is the third time you have posted on this subject. Please try and follow the advice you have been given, and explain your problem clearly.
[/edit]
|
|
|
|
|
program of image processing using c#
|
|
|
|
|
It doesn't quite work like that.
We do not do your work for you.
If you want someone to write your code, you have to pay - I suggest you go to VWorker.com and ask there.
But be aware: you get what you pay for. Pay peanuts, get monkeys.
Those who fail to learn history are doomed to repeat it. --- George Santayana (December 16, 1863 – September 26, 1952)
Those who fail to clear history are doomed to explain it. --- OriginalGriff (February 24, 1959 – ∞)
|
|
|
|
|
|
In addition to what the others have said, remember that a question needs a ? mark.
And you need to be specific, as no one can tell what you are looking for exactly, so what would be a good answer to this?
|
|
|
|
|
Yes, this is possible.
|
|
|
|
|
|
I gave it a try for a password-manager I was writing; add a character every time that the user presses a key, to prevent it from becoming a string. Dropped it at that point, and followed below advice.
The Old New Thing[^]
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
this is my best bet for securing the connection string.
fetch the encrypted connection string from app.config then store it in the securestring. so at-least the connectionstring is protected.
|
|
|
|
|
If they could read a normal string object straight from memory, then why can't they read from app.config?
|
|
|
|
|
Simply because the app.config is also encrypted.
|
|
|
|
|
So the key also available, otherwise you couldn't read it.
Worst case, if somehow that key is only available to your program, the attacker becomes your program by injecting some code into your process.
|
|
|
|
|
Yeah actually that problem is in my head for a long time.
for now i don't know what would happen if they copy the config file, then create there own project to read the app.config and show the real string. maybe that is possible, but i don't time to test it for now.
BTW what would you suggest to protect the connection string, while the client doesn't have an internet connection.
any advice?
thank you.
|
|
|
|
|
You can't hide anything from the user. A user can debug your program, or run it through an emulator, or disassemble it and step through it mentally. "Anti-debugging" tricks don't change that - you can choose different code paths but the user can override it, you can have sneaky behaviour depending on self modifying code and so on, but the user can see right through it, no matter what you do the user can override it. The user is essentially a god and your code runs completely at their mercy. You can slow them down or trick them, but at the end of the day you can not stop them. If your program can get its hand on the connection string, so can the user, because the program tells them exactly how to do it - it's literally a list of instructions saying how, which also explains why encryption is in this case just obfuscation: you're also providing the instructions to undo it.
"secure"string doesn't pretend to stop users, it pretends to stop other programs, but there's not much difference. The only thing a program can't do (in theory anyway) is click a UAC dialog, and you don't even need that.
Advice: accept that anything that could be done with the privileges and information of the program, will be done by a user. If they're not allowed to do something, then the program can't be allowed to do it either, and that must be enforced server-side.
|
|
|
|
|
harold aptroot wrote:
If they could read a normal string object
straight from memory, then why can't they read from app.config?
If the string has to be entered, and you have privliges to run whatever you want (unsigned code with admin rights), why not install a keylogger? You're assuming that the system is already compromised.
If the user has to enter something sensitive, I prefer to keep it as much out of reach as possible.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
in your case would you suggest?
As there is no perfect security in cyber world
|
|
|
|
|
Gilbert Consellado wrote: in your case would you suggest? Depends on the environment.
I'm not running as admin on my local machine, UAC is turned on - here I do not worry about keyloggers. The documents-folder is encrypted; anything in there is deemed "safe". I kept passwords in a text-file, since, as Mycroft states, it would not be very usefull to hide them from an application that runs as "me", as it has access to anything I have.
On USB, the data is encrypted. One needs the password to unlock the data - and no, in that case the password isn't stored.
If you're not in control of the environment, you basically cannot guarantee secrets. In that respect, the (local) admin is indeed all-powerfull.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
I haven't. I don't really see the point – if a malicious program has access to your process's memory space, it's already infiltrated onto the system in such a way that it can hook the keyboard (keylogger), file system (read data directly) and API calls (intercept passwords as you pass them to other applications or down HTTPS channels), and it's probably easier to dig a password out from there than from an unknown location in a process's memory.
|
|
|
|
|
I have a C# windows application written in VS 2010 that uses SQL Server Express database as the back-end. I'm finding that I have a need for having different users with different rights, to limit how much damage can be done by careless users. For example, one highly trusted user can mass delete and edit records for modifying large numbers of records while another user can only edit or delete individual records. A highly trusted user can access all of the screens while other users will only access a subset of those screens, etc. AFAIK this doesn't necessarily map very well to the authentication system built into SQL Server which manages user groups read and write permissions for each table. There is the possibility of just rolling your own custom authentication system, to add to the database tables for users, groups, and permissions and managing those accordingly. While this is a new problem for me, my hunch is that this would likely be a very old and familiar problem within windows development. I could certainly roll my own and make something workable if not great, but why not see how others with more experience are doing it.
Does anyone have any thoughts or recommendations on this subject? Any especially good examples that you could point me in the direction of?
(crosspost mea culpa)
|
|
|
|
|
Well I have to say pretty much every system I've worked on has rolled its own. It'd be good if there was a library and a script you could just run to do this.
I guess it depends on where the thing is used. Is Active Directory an option?
Regards,
Rob Philpott.
|
|
|
|
|
Aaron Hartley wrote: AFAIK this doesn't necessarily map very well to the authentication system built into SQL Server which manages user groups read and write permissions for each table. It's configurable. Simply map a Sql-user to an AD-group. Include the "trusted" used in the correct AD-group, and done.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|