Object Store Security (Windows Embedded CE 6.0)
1/6/2010
The object store provides several elements of security in a trusted environment.
First, system files are protected so that they cannot be read or modified by normal applications. System files are those files that have the system attribute set.
Additionally, the system protects a set of registry keys so that they cannot be modified by normal applications. All applications can read all registry keys and values, but only privileged applications can modify values or subkeys below protected keys. The system protects a base set of keys. This set of keys is extensible by the original equipment manufacturer.
Additionally, databases that are stored within the object store can be given a system flag. System databases cannot be read or modified by normal applications. Databases that are stored in separate database volumes rather than in the object store can be protected by setting the system attribute on the file, just as for any other file in the file system.