Someone recently asked (in the forums) about how to make kiosk applications in REALbasic. That piqued my interest a bit, so I did some research, and here's my tale.
The quick and dirty way that most people are used to is by setting Window.Fullscreen = true and Window.MenuBarVisible = false. So I'd like to start with that as a jumping-off point for the discussion. When you set FullScreen to true, what you end up with is an application which takes up the entire screen. You cannot see it's title bar, which means you can't see any close buttons for it. This also means that you can't resize the window to make it smaller, etc. The horribly named MenuBarVisible property takes care of the rest. It hides the menu bar (as the name implies) so that the user can't select File->Exit. It also hides all system UI, which is something users tend to forget about (for good reason, since it's not apparent by the name). System UI includes things like the start bar (and I think global floating windows, perhaps -- but I really can't recall). So by combining these two operations, what you eventually end up with is an application which takes up the entire screen and supposedly cannot be terminated -- a kiosk application.
I used the term supposedly because that's not true, you don't have a kiosk application. What you have is a fullscreen window with no menu bar and system UI. There's a big difference. You see, the point to a kiosk application is that the user should have no way of getting to the file system, or be able to end task your application, etc. You use kiosk applications when you want to write secure applications that you can stick out in public somewhere and not have to worry about anyone mucking things up. However, there are ways to muck things up with the above scenario.
Any Win32 app running on a recent version of Windows can get to the task manager by hitting Ctrl+Alt+Del and finding the application in the list. Once they've found the application, then can always end task it, thereby quitting back to the desktop. Granted, you could have your application running as Admin and the user running as Guest, so that they do not have sufficient privileges to terminate the application. But if your application is installed or launched incorrectly, or the user is an admin (for some reason), then it's an issue.
Any Win32 application can hit Alt+Tab to switch between other applications. This causes your "kiosk" application to go to the background and some other window to come to the foreground, and it doesn't require privileges to do so. All that's needed are multiple open windows. Oops! So you could get around this by ensuring that there's only one window open -- your application's. Then, when the user hits Alt+Tab, they only see your application in the task list.
Just because the start bar isn't visible doesn't mean it can't be accessed. Try it -- set MenuBarVisible = false, run the application and then hit the Windows key. That'll pop open the start menu. Or, if you prefer to just skip the start menu and get straight into the file system, hit Windows+R, type cmd and hit enter. Ta da! Here again, there are no privileges involved (until the user gets to the file system, where the user privileges matter). So your user can still get access to the file system.
As you can see, this combination of flags is rather useless if you're truly trying to make a professional kiosk application. However, you need not fear, for there is a true solution within your reach. Windows (starting with NT 3.51) has two security concepts for us to work with: window stations and desktops.
A window station contains a clipboard, atom table, and one or more desktops. However, there is only one window station which can have user interaction (called Winsta0), so we don't really need to concern ourselves with the concept too much. Window stations are more useful if you're running a terminal services machine. In that case, each time a user logs on, they're given a session with its own window station (so that users cannot ever "see" one another).
What you're more interested in is a desktop object. Desktops are logical display surfaces -- they contain things like windows and other UI widgets. You may not know it, but you use different desktops all the time! When you login to the computer, the login screen is on the Winlogon desktop. When you hit Ctrl+Alt+Del, the OS switches you onto the Winlogon desktop as well. When the screensaver becomes active, you're switched into the screensaver's desktop. And of course, there's the default desktop which you interact with every day.
So the trick to making a kiosk application is to make a new desktop object. By doing this, you can limit the user's access to things however you see fit (and by default, it's as secure as you can get). Next time, we'll take a look at the basic process behind running your application in its own desktop.
Okay, this is going to be cool reading. I saw that post on the forums and it got me thinking.
I work for a civic goverment and our particular department offers (amongst many other services), recreation programs to our citizens and visitors. Having a kiosk in the lobby of our building would be great way to allow visitors to browse our catalog of recreation programs, activities and facilities.
But we've kept away from that idea since we didn't know how to lock down the app so that they couldn't Alt-Tab, or C-A-D away from the app and gain access to the Windows desktop.
So now I'm really looking forward to this. The insight will be much appreciated.
Hmmm... sounds very interesting! Currently I'm using the WFS functionality to "trap" keyboard input and prevent Ctrl-Alt-Delete, the Windows key, and Alt-Tab from being passed on. Is this "separate desktop" scheme any more secure?
@Scott -- great to hear! I'll be sure to make it a good series. :-)
@Adam -- you are a bad, bad man (but I still like ya). You should never try to do what you're doing. It's considered horrible form, it's buggy (there's always ways around that sort of stuff), and it precludes you from windows logo certification. Basically, it's bad mojo.
It sounds like you want your app to be un-terminatable by the user, and you want it to be the only app they can use. Right? Following what I'm laying out is the correct way to do what you're going after, if I'm understanding your needs correct.
Hmmm, OK. Yikes, I had no idea it was such a bad idea. I eagerly await the rest of the article.
@Adam -- that makes two of us! This was actually a fun little project. :-) I hope others get some use out of it as well, because I think it's a neat technical feat.
If part two comes out saying, "unplug the keyboard and make it all mouse-driven," I'm outta-here! ;-)
[...] « Kiosk Applications (part one) [...]