Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Make folders & files only available to application

Posted on 2004-03-23
7
Medium Priority
?
132 Views
Last Modified: 2010-05-01
Hi,

I have also posted this under .NET as it applies to both VB6 and .NET

Does anyone know a way (via code, tool or third-party software) on how to secure a folder, its subfolders and the files contained in them? I want a solution where the files will not be accessible on your lan/wan via Windows Explorer to anyone. I want only my application to be able to access these files.

I'm basically trying to provide a solution where users cannot in anyway access any files unless it is down through our main application. I'm not sure this is possible, but maybe one of you have done something similar in the past.

I don't want to use a concept of using FTP or HTTP and request a file to cache it locally as I it would be to messy for us to handle this issue right now. Also, creation date & time, last modified and last access of files is critical to us and most FTP server do not provide an accurate enough time definition.

A few people have mentioned to me writting a service impersonating a specific user that would be the only one to have access to the specific folder & files, but this still an issue as this would mean all of our activex components that use a path would have to be somehow support this impersonation which is definitely not going to be the case.

I hope I'm somehow clear on this issue.

Many thanks in advance.

Thierry
0
Comment
Question by:taf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 26

Expert Comment

by:EDDYKT
ID: 10668352
0
 

Author Comment

by:taf
ID: 10672970
Hi,

Thanks for feedback, but this is not quite what I'm looking for as it would be require to be integrated or at least it would require to allow only our application to access a folder. I will get in touch with them, though as the principle they are offering is what I'm looking for, but I need to indirectly (or direclty) make my application impersonate a user that would be the only one to be allowed to access a folder.

Thanks again.

Thierry
0
 
LVL 76

Expert Comment

by:David Lee
ID: 10701117
The only sure way I know of to prevent unwanted users from getting to the files/folders is to use Windows' built-in security.  That means creating a user and giving only that user the rights to see and access the files and folders for the application.  The application would then need to perform impersonation in order to get to the files/folders.  I looked at the FolderGuard utility and from what it says I'll bet it's a driver or service, my guess is the latter, that controls access.  If I'm right, then shutting the service down would halt the protection that FolderGuard provides.  That'd also be true if someone booted from a second copy of Windows, one that didn't have FolderGuard installed.  FolderGuard also seems to be designed to protect files on the local computer.  I didn't see any mention of protecting files/folders accessed via the network.  In your description of the issue you didn't mention where the data is located.  Is it on the local machine or on a networked drive?  If it's on a networked drive, then another solution might be to create some sort of proxy service.  Instead of accessing the files/folders directly the application(s) would have to be modified to access them indirectly through the proxy program, as in a client/server approach.  The proxy program slone would have the necessary permissions to access the files/folders.  That'd prevent anyone else from getting into them.  The application program would talk to the proxy and get access via it.  It'd probably be a lot simpler to just stick with Windows built-in security and go the impersonation route.

You might try Windows "Run As" command.  It allows a program to be run in a different security context.  Here's a link to an article that might be useful: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q294676& 
And here's a link to a page describing the command's syntax: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ntcmds.mspx

To use Run As you'd need to create an account and give that account access to the files/folders.  You'd then need to create a front-end program that'd launch the actual application.  The front-end program would issue the Run As command to start the actual application.  Run As would prompt for a password which'd be the password for the account that has access.  Of course you'd have to keep the account secret otherwise a clever user would have both the username and the password to get in with.  There might also be some way to pipe the password to the challenge, or to have the front-end program "see" the challenge and stuff the password into it.

Hope this is of some use.
0
 

Author Comment

by:taf
ID: 10717734
This won't be a workable solution as I need to be the logged in user and the special account if you can call it that! So the 'Run As' is not going to be suitable.

But thanks for the feedback!

Thierry
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11424371
PAQed, with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever wanted to restrict the users input in a textbox to numbers, and while doing that make sure that they can't 'cheat' by pasting in non-numeric text? Of course you can do that with code you write yourself but it's tedious and error-prone …
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
Get people started with the utilization of class modules. Class modules can be a powerful tool in Microsoft Access. They allow you to create self-contained objects that encapsulate functionality. They can easily hide the complexity of a process from…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question