Lookout

What is lka for

I quote from the help file:

"Every Lookout process has an attached security file, identified by the .lka
extension. All the security information for a Lookout process is kept in
the .lka file for that process. You must keep the .lka file in the same directory
as the .l4p file for your security settings to work. If you misplace the
.lka file, all users will have complete access to all parts of the process.
To reconstruct the file, you would have to reset all your security permissions."

This is not true. I am a developer and am trying to develop a secure system.
I must understand Lookout security fully. Therefore, I am developing test
systems and am hacking into them. I have been playing with the lookout.sec
and process.lka files. I fully understand the User Manager and the .sec file.
I have successfully hacked the .sec system by creating a replacement .sec and
removing the original .sec. I have thus gained full access to the test process
file.

I have also removed the process.lka file from the directory (leaving the
original lookout.sec intact) and still cannot access security limited objects
in the process.l4p nor the process.lks file. After further investigation
I have found that the object security settings are contained in the process.lks
file. I thus moved the lks file to another directory and edited the object
security settings via notepad. When this lks file is compiled I see the security
changes at the object level and can thus gain access to any object I wish.

My question is this: what purpose does the process.lka file serve?

Regards,
Tommy Scharmann
0 Kudos
Message 1 of 2
(2,972 Views)
Tommy,
The .lka file is used to store the security information relevant to making
network connections to an object's datamembers. This is the security that
you are setting when you right-click a folder in object explorer and configure
permissions.

Restricting access to an object's UI component is a different matter. This
security is stored in the process file and is intended to implement security
at the operator level. If you want to keep certain operators from doing
certain tasks, you configure that object's security separately.

The lookout.sec file holds the security information relevant to both security
areas (local/UI and network connections). If you are concerned about operators
copying over the lookout.sec file to gain access to the UI components, you
should not allow operators to gain access to the system. You can do this
by installing the NT keyboard driver and making Lookout the only application
on the machine. This way the operator will not have the ability to get into
the system.

Also, it is a good idea to put your process file in a secure directory (assuming
you are using NT). You probably only want certain people to be able to write
the .l4p, .lks, .lka, etc.

If, for some reason, a person on a remote machine is able to copy the lookout.sec
file from your computer (don't share all of your drives to everybody!), remember
that they have to know the password before they can log into Lookout and
make remote connections to sabotage your process.

In general, to help with network security, a firewall is a good idea. If
you are connected to the internet and don't have a firewall, anybody in the
world can connect to your process's data (assuming they have the correct
user and password).

To help with operator security, using NT is a good idea. In Win9x, you always
have to worry about the possibility that an operator can switch from Lookout
to the operating system where he can do anything (like delete your process
file, copy an insecure lookout.sec, etc.)

Hope this helps.

Sincerely,
Brian Thies

"Tommy Scharmann" wrote:
> I quote from the help file:
>
> "Every Lookout process has an attached security file, identified by the .lka
> extension. All the security information for a Lookout process is kept in
> the .lka file for that process. You must keep the .lka file in the same directory
> as the .l4p file for your security settings to work. If you misplace the
> .lka file, all users will have complete access to all parts of the process.
> To reconstruct the file, you would have to reset all your security permissions."
>
> This is not true. I am a developer and am trying to develop a secure system.
> I must understand Lookout security fully. Therefore, I am developing test
> systems and am hacking into them. I have been playing with the lookout.sec
> and process.lka files. I fully understand the User Manager and the .sec file.
> I have successfully hacked the .sec system by creating a replacement .sec and
> removing the original .sec. I have thus gained full access to the test process
> file.
>
> I have also removed the process.lka file from the directory (leaving the
> original lookout.sec intact) and still cannot access security limited objects
> in the process.l4p nor the process.lks file. After further investigation
> I have found that the object security settings are contained in the process.lks
> file. I thus moved the lks file to another directory and edited the object
> security settings via notepad. When this lks file is compiled I see the security
> changes at the object level and can thus gain access to any object I wish.
>
> My question is this: what purpose does the process.lka file serve?
>
> Regards,
> Tommy Scharmann
0 Kudos
Message 2 of 2
(2,972 Views)
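
The reply above recommends keeping the process files in a directory that only certain people can write to. The following PowerShell audit is an added example, not part of the thread or of Lookout itself: it lists allow entries that give broad groups write access to the directory and to the .l4p, .lks, .lka and lookout.sec files in it. The directory path and the list of "broad" principals are assumptions to adjust per site (group names are locale dependent).

```powershell
# Added example: audit write access to Lookout process and security files.
# Assumptions: $Path is a hypothetical process directory; $BroadPrincipals is
# a site-specific list of groups that should NOT be able to modify these files.
param(
    [string]$Path = 'C:\LookoutProcesses',
    [string[]]$BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                                   'NT AUTHORITY\Authenticated Users')
)

# Rights that allow replacing or editing a file, or loosening its ACL.
$writeMask = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE | GENERIC_ALL, which some ACEs store unmapped.
$genericMask = 0x50000000

# The directory itself matters: create/delete rights there allow a file
# such as lookout.sec or a .lks source to be swapped for another copy.
$targets = @(Get-Item -LiteralPath $Path)
$targets += Get-ChildItem -LiteralPath $Path -File |
    Where-Object { $_.Extension -in '.l4p', '.lks', '.lka' -or $_.Name -eq 'lookout.sec' }

$findings = foreach ($item in $targets) {
    foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.IdentityReference.Value -notin $BroadPrincipals) { continue }

        $canWrite = (($ace.FileSystemRights -band $writeMask) -ne 0) -or
                    (([int]$ace.FileSystemRights -band $genericMask) -ne 0)
        if ($canWrite) {
            [pscustomobject]@{
                Item      = $item.FullName
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings | Format-Table -AutoSize
if ($findings) { exit 1 }   # non-zero exit so a scheduled check can alert
```

An empty result means none of the listed groups can modify the files or the directory; entries marked as inherited have to be fixed on the parent folder.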