So. i've created a loader. I have a dll that the loader injects. so loader is sending a request to my webfile, the webfile check if the user is in the correct usergroup, correct hwid and correct username/password. if everything matches then the webfile sends back the dll download link to the loader and then loader injects dll. I wanna host the dll on my mybb forum. what's the best way to prevent the dll from being downloaded? Like I literally just want the loader to have access to the dll noone else or anything else just the loader. what's the best way of doing it and how? i want your personal opinion on this
I'd recommend looking into group creation and permissions on Windows since that's the method we use to prevent direct access of files on Linux.
A potential setup could look like this:
1. Create a new group for the web server (this group will be the one that guests will have when connecting to the web server).
You'll have to run the web server through this group for the permissions to carry over to the guests.
2. Revoke read/write access to the file(s) and folder(s) you don't want guests accessing.
3. Create a new group for the loader (this group will be the one that sends requests to the web server).
You'll have to run the loader through this group for the permissions to carry over.
4. Allow read/write access to the file(s) and folder(s) you want the loader to access.
See if that fixes your issue.
(2019-09-17, 02:29 AM)KimChoJapFan Wrote: [ -> ]I'd recommend looking into group creation and permissions on Windows since that's the method we use to prevent direct access of files on Linux.
A potential setup could look like this:
1. Create a new group for the web server (this group will be the one that guests will have when connecting to the web server).
You'll have to run the web server through this group for the permissions to carry over to the guests.
2. Revoke read/write access to the file(s) and folder(s) you don't want guests accessing.
3. Create a new group for the loader (this group will be the one that sends requests to the web server).
You'll have to run the loader through this group for the permissions to carry over.
4. Allow read/write access to the file(s) and folder(s) you want the loader to access.
See if that fixes your issue.
well number 2 seems to be the best one. but in my case I only have one file. and if i revoke read/access to the file then the loader wont be able to access either. is it possible to make like 3 custom strings and then when loader request for the file it needs those 3 custom strings. if they match then access is allowed if not matching then deny access.