I've recently been exporting my settings from my various IDE's to share with friends. I plan to put them in a shared public location, so I was wondering if IntelliJ exports any sensitive information (saved password hashes, etc) that I should be aware of. If it matters, I'm using the GitHub add-on and the Scala plugin, and the most recent IntelliJ Community Edition.
The reason I ask is (as a new IntelliJ user and longtime Studio user) I know that Studio warns you of possibly sensitive information when you export settings, and excludes it by default. I saw no such warning in IntelliJ and I'm wondering if that's because there's nothing to be worried about, or...
Thanks in advance!
Good question.
I wanted to check it as well, so I exported my settings to look around there. I didn't find any passwords or credentials information there, but there were some things that could be considered "personal":
File header templates - mine for example contained my email there.
Last opened project location path.
Recently opened projects - for "Reopen" dialogue.
RECENT_DIR_STRINGS setting - not sure what are these used for, but it contained around 25 paths of code directories in my file system.
So to sum of - unless you were working on some secret projects on the side, it seems like it's safe to share it with colleagues and friends. Would be careful about releasing the settings to a public domain.
I think this feature is designed to use with their configuration server - a free (if you have the Ultimate edition) service that allows a developer to migrate their settings from one machine to another.
So it probably isn't designed for public sharing.
Related
Why is it a good idea to limit deployment of files to the user-profile or HKCU from my MSI or setup file?
Deployment is a crucial part of most development. Please give this content a chance. It is my firm belief that software quality can be dramatically improved by small changes in application design to make deployment more logical and more reliable - that is what this "answer" is all about - software development.
This is a Q/A-style question split from an answer that became too long: How do I avoid common design flaws in my WiX / MSI deployment solution?.
As stated above this section was split from an existing answer with broader scope: How do I avoid common design flaws in my WiX / MSI deployment solution? (an answer intended to help developers make better deployment decisions).
9. Overuse of per-user file and registry deployment.
Some applications won't run correctly for all users on a machine, because the user-specific data added during installation isn't correctly added to other user's profiles and registry. In other words the application just works for the user who installed the software. This is obviously a serious design error.
There are several ways to "fix" this, but the whole issue of deployment of per-user files and settings is somewhat messy for a few fundamental reasons:
How do you reference count components installed multiple times? (for each user on the machine)
What do you do with the installed data and settings on uninstall?
How do you deal with new files and settings to install that differ from the ones that are on disk and in the registry and have user-made changes? Surely you don't overwrite automatically?
There are no real clear cut answers, but there are several alternative ways to deal with the "problems". My preferred options are 2 & 3 since I don't think Windows installer should deploy, track or attempt to modify or worse yet, uninstall user data and settings at all - it is user data that shouldn't be meddled with:
9.1 Using Windows Installer Self-Repair or similar
The first option is to get settings and files and HKCU registry keys deployed properly via the setup itself or setup-like features. There are two major ways to do this: relying on Windows Installer "self-repair" generally triggered by an advertised shortcut, or using Microsoft Active Setup.
Self-repair is what happens when you launch a shortcut to start your application, and Windows Installer kicks in and you see a progress bar whilst "something" is being installed. What is typically added are HKCU registry entries and user-profile files.
There is also another alternative to achieve this, it is called Active Setup and is also a Microsoft feature. It essentially registers "something runnable" to run once per user on logon. This can be used to set up per-user data. Active Setup allows "anything runnable" to be executed - for example a copy of files to the user-profile. .
Both of these options mean that the user data and settings are copied in place once - and from then on they are not generally touched, but in the case of "self-repair" might get uninstalled for any user who actually runs the uninstall of the application (unless the setup is designed not to do so).
Although setting up user data with self-repair and Active Setup are "established" methods to get applications running properly, it seems wrong to track user data with Windows Installer components. Why? Because it is really user data that shouldn't be meddled with once initialized.
Accordingly my honest take on the whole issue is to try to avoid deploying user specific data or registry keys and values altogether, and this is what is described next as two other user-data deployment methods.
9.2 Application Initialization of User Data
The second alternative, and one that I find much cleaner, is to change your application executable to be able to initialize all per-user settings and files based on default setting and templates copied from a per-machine location or based on application internal defaults (from the source code) instead of writing them via your setup.
In this scenario Windows Installer will not track the files or settings that are copied to each user. It is treated as user data that should not be interfered with at all. This avoids all interference such as reset or overwritten user data during upgrades and self-repair (and manual uninstall and reinstall).
If there are cases where "fixes" must be made to application settings, this can be achieved by having the application executable update the settings for each users on launch, and then tag the registry that the update has been completed.
The overall "conclusion" is that your setup should prepare your application for first launch, it should not set up the user data and settings environment. All user-profile files and HKCU settings should be defaulted by the application in case they are missing on launch - this yields a much more robust application that is easier to test for QA personnel as well. This is particularly important for Terminal Servers where self-repair is not allowed to run at all. In such cases the application data will be missing if you rely on self-repair to put user data in place.
9.3 "Cloud" or Database Storage of User Settings
To take things a step further in today's "cloud environment" - and this is in my opinion the preferred option. Why should your application be restricted to files and registry keys and values? Why not store all user specific settings in the solution's database?
Full access, control and persistence for all settings without any deployment issues at all.
You do get new management issues though, and they must be shared between developers, system administrators and database administrators. But isn't the cloud pretty much the industry standard by now?
We have been struggling long enough with roaming profiles, corrupted user registry, mishandled user-profile data files, etc.... Developers, save yourself a lot of trouble, and create yourself some new database management issues instead of deployment issues - and start yelling at a whole new bunch of people! :-).
Settings in databases are:
Not suffering from "dual source problems". There is one instance, and it is updated in real time. Not like the synchronization problems seen with user-profile and "roaming".
Inspectable, manageable and patchable
Revisable (version control - can revert older settings)
You could even "tweak" all the user settings from your setup still by running database scripts as part of deployment, but if you are in a corporate environment - isn't the thought of just raising a ticket and then have your database administrator run the maintenance scripts with proper transaction support and rollback much more appealing?
Even if you are delivering a large, fat-client vendor application for general distribution and third party use (in other words not a tailored, corporate client/server solution where you are guaranteed to have a back end database), one should consider cloud storage of user settings by having users log on to a cloud using their email or similar and then synchronize settings in real time.
Such large applications generally always need to "cache" some settings files on the computer and in HKCU, but it seems more and more possible to save all settings in a single temporary file in the user profile area which is entirely "sacrificial" and even possible to delete if it is corrupted and then download the last saved settings.
Instead of hosting the cloud yourself, it is obviously possible to use company DBOs to configure their own company-wide cloud where they have full control of all settings, and can also enforce mandatory policies and restrictions for your software's operation. Not to mention the proper backup that is possible for all user settings.
I'm trying to get information about license info of my app and MSDN docs (http://msdn.microsoft.com/en-us/library/windows/apps/hh694065.aspx) advice to use Windows.ApplicationModel.Store.CurrentAppSimulator class for that purposes during development/testing and when submitting app to store replace that class with Windows.ApplicationModel.Store.CurrentApp.
I wonder if there is any way to check in code (javascript in my case) if app is already installed from store so my code should use proper class and I won't have to remember every time I submit update of app to store to replacing those classes properly.
As far as I know, I could not find such thing. In fact, LicenseInfo is what provides information about the store listing.
I use a config.js file to keep settings at place which change between development and production. For example - if your app talks to a service, service URL also will likely change between development and production; the service might be running at localhost for development and for production in azure environment. I keep a bool in here and change by hand.
I have not automated it fully. but it is likely possible. need to dig through the msbuild logs for the build created for the store. if there is configuration setting found, then project can have two config.dev.js and config.release.js and msbuild need to conditionally pick the right file. I haven't looked into this yet.
I think I found at solution as described here WinJS are there #DEBUG or #RELEASE directives? . Not ideal, but works for me.
I am attempting to write a small, lightweight client, using vb.net winforms, that can install without needing elevated privileges. Before I ask my questions, let me give you a bit of an idea of what it is supposed to do.
The app will start when Windows loads, set like this from the install, with a system/notification tray icon that can be clicked on to load up specific functionality. The application install from a website, or possibly a file share, haven't quite decided yet. This client will initially request user credentials for one of our web programs, and it will talk to an already built web service to determine what functionalities of our services they have licensed access to. After this, credentials will be encrypted and saved to the users pc locally. Every five minutes, the client will pass the credentials to the websites they have access to and check to see the status of jobs that are being processed, and download available reports if needed.
So, here is what I am trying to understand. If I configure this app as a ClickOnce application, once it installs from the url or shared drive, the user will not need to do anything else, correct? Or do they have to visit that url every time they boot up to reinstall/run the client?
Another thing, I wanted to get some opinions on the best ways to do some of the things this app will be doing. I have a good idea of where I am going with it, but I have no idea of which solution to go with yet.
For instance, what is the best way to store user passed credentials on their system for a "remember me"?
Also, is the best way to have the client install with automatically starting on windows startup to configure it to create a shortcut of itself in the windows startup folder?
I am trying to keep this as lightweight as possible, and using a very small GUI, so it shouldn't be too intrusive, so any ideas on how to ensure that, while keeping it from needing admin privs to install, will also help.
If I configure this app as a ClickOnce application, once it installs
from the url or shared drive, the user will not need to do anything
else, correct? Or do they have to visit that url every time they boot
up to reinstall/run the client?
Well if they need to reinstall it, they would have to download the setup.exe file again, but why would users need to do that? CilckOnce supports automatic updates. Visiting url is certainly not needed for running the program.
what is the best way to store user passed credentials on their system
for a "remember me"?
Probably storing them as application settings. Haven't used visual studio 2012, but in visual studio 2010 you have to right-click on project in solutions explorer, go to project propeties and then create variables in Settings tab. Then you can access those variables in code using My.Settings.variableName. Not sure about security though, if you need any.
As for privileges, I think you just need a privilege to install a program. Maybe you should publish a primitive clickOnce application and experiment with it and that will answer all your other questions about clickOnce.
I've just created an eclipse target definition/platform for my application, opting to use software sites (rather than local files/installations) as recommended in the tutorial I followed and a later best practices post by the same author.
The software sites are all external sites (eclipse, sourceforge etc.)
Everything seems to be working well, though I have two concerns:
If a component is updated (by the software provider), will it also be updated automatically in the target definition file?
Is it possible to take a backup of the target platform, so that it can be configured (for example) on a computer without an internet connection, or used in the event a remote site becomes unavailable.
You can create a mirror of an Eclipse p2 repository. It's quite common to do this inside an organisation so that there's a copy of the repository that's quick to access, and isn't dependant on some third party continuing to host it. There's a guide on the Eclipse Wiki.
As far as I'm aware, your Target Definition can only reflect what's in the p2 repository it's pointing at. If the developer replaces a package with a newer version, it'll pick that up. If you need greater control over that, then selectively mirroring the content is probably the way to go.
From that wiki page, it looks like by default it won't delete content in your mirror (even if it's deleted in the remote) unless you specify -writeMode clean.
I'm building an application that is targeting Windows, Mac and Linux soon. I was wondering where should I keep application data such as settings, etc.
Application's installation folder is the easiest choice, but I think that might be a problem with new Vista security model. Besides, users might want different settings.
Is it C:\Documents and Settings\username\MyApp good for both Vista and XP?
Is it /home/username/.MyApp good for Linux and Macs?
Any ideas and/or links to best practices much appreciated.
Thanks!
Juan
Each platform has its own API for finding the user's home folder, or documents folder, or preferences folder.
Windows: SHGetFolderPath() or SHGetKnownFolderPath()
Mac OS X and iPhone OS: NSSearchPathForDirectoriesInDomains()
Unix: $HOME environment variable
Don't hardcode specific paths or just tack a prefix and suffix on the user's name. Also, try to follow whatever conventions there are for the platform for naming the files.
In regards to best practices, Jeff posted an article on polluting user space that you might find useful: Don't Pollute User Space
As a general point, I'd recommend abstracting the implementation of your settings into a 'Settings Provider' and provide different providers for each platform. That way, you can implement the storage of the settings in the manner that best suits the target platforms (for example, a file on Linux or the Windows Registry).
Don't simply adopt the 'lowest common denominator'. Where you have content that must be explicity stored in files, have your settings provider expose the platform-specific location for those files.
I'm not :)
I'm using USERPROFILE in Windows and HOME in Mac/Linux. But even so, I need to know that those are the right places.
Thanks!
In windows you need to go another level deep than just the user profile. Use the Application Data folder.
On Windows I use APPDATA,and on Linux I use HOME.
For Linux/BSD/Solaris:
http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html
Never, ever store user data in the application folder. It's just a bad idea.
Most operating systems have a $HOME (or %HOME%) environment variable. That would be the first place to look.
If you want to cleanly support multiple operating systems, though, you're going to have to have some OS-specific code for each that figures out exactly where things need to go. (~/Library for Mac OS, ~/.config for GNOME-based systems, %HOME%/Application Data for Windows, etc.).
What language are you planning to use? Java, for example, has a dedicated Preference API.