CSIDL - Shell constants, enumerations, and flags

I worked on an application which had a couple of requirements:

  1. Allow users access to their local drive content within a defined scope (e.g. either the entire drive, or the My Documents folder only)

  2. Prevent users from accessing files outside of the defined scope. So they shouldn't be able to access network drives, USB keys, etc.

To acheive this, the shell constants were used, as defined in the Windows SDK.

This worked well, and after we looked at the code we actually ran a battery of tests to confirm. So for example we tried the following types of canonicalizations:

  • \hostsharefile

  • \?folderfile

  • \

  • \.folderfile

We kept going, and tried breaking out of the local scope as well:

  • ........boot.ini

  • ../../../../boot.ini

  • ..%2fboot.ini

And all that sort of stuff. Using the CSIDL constants proved successful, and we could see this through debugging. Everything we entered was merely relative to the constant value, there was no way to change it.