Solved

Make folders & files only available to application

Posted on 2004-03-23
7
125 Views
Last Modified: 2010-05-01
Hi,

I have also posted this under .NET as it applies to both VB6 and .NET

Does anyone know a way (via code, tool or third-party software) on how to secure a folder, its subfolders and the files contained in them? I want a solution where the files will not be accessible on your lan/wan via Windows Explorer to anyone. I want only my application to be able to access these files.

I'm basically trying to provide a solution where users cannot in anyway access any files unless it is down through our main application. I'm not sure this is possible, but maybe one of you have done something similar in the past.

I don't want to use a concept of using FTP or HTTP and request a file to cache it locally as I it would be to messy for us to handle this issue right now. Also, creation date & time, last modified and last access of files is critical to us and most FTP server do not provide an accurate enough time definition.

A few people have mentioned to me writting a service impersonating a specific user that would be the only one to have access to the specific folder & files, but this still an issue as this would mean all of our activex components that use a path would have to be somehow support this impersonation which is definitely not going to be the case.

I hope I'm somehow clear on this issue.

Many thanks in advance.

Thierry
0
Comment
Question by:taf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 26

Expert Comment

by:EDDYKT
ID: 10668352
0
 

Author Comment

by:taf
ID: 10672970
Hi,

Thanks for feedback, but this is not quite what I'm looking for as it would be require to be integrated or at least it would require to allow only our application to access a folder. I will get in touch with them, though as the principle they are offering is what I'm looking for, but I need to indirectly (or direclty) make my application impersonate a user that would be the only one to be allowed to access a folder.

Thanks again.

Thierry
0
 
LVL 76

Expert Comment

by:David Lee
ID: 10701117
The only sure way I know of to prevent unwanted users from getting to the files/folders is to use Windows' built-in security.  That means creating a user and giving only that user the rights to see and access the files and folders for the application.  The application would then need to perform impersonation in order to get to the files/folders.  I looked at the FolderGuard utility and from what it says I'll bet it's a driver or service, my guess is the latter, that controls access.  If I'm right, then shutting the service down would halt the protection that FolderGuard provides.  That'd also be true if someone booted from a second copy of Windows, one that didn't have FolderGuard installed.  FolderGuard also seems to be designed to protect files on the local computer.  I didn't see any mention of protecting files/folders accessed via the network.  In your description of the issue you didn't mention where the data is located.  Is it on the local machine or on a networked drive?  If it's on a networked drive, then another solution might be to create some sort of proxy service.  Instead of accessing the files/folders directly the application(s) would have to be modified to access them indirectly through the proxy program, as in a client/server approach.  The proxy program slone would have the necessary permissions to access the files/folders.  That'd prevent anyone else from getting into them.  The application program would talk to the proxy and get access via it.  It'd probably be a lot simpler to just stick with Windows built-in security and go the impersonation route.

You might try Windows "Run As" command.  It allows a program to be run in a different security context.  Here's a link to an article that might be useful: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q294676& 
And here's a link to a page describing the command's syntax: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ntcmds.mspx

To use Run As you'd need to create an account and give that account access to the files/folders.  You'd then need to create a front-end program that'd launch the actual application.  The front-end program would issue the Run As command to start the actual application.  Run As would prompt for a password which'd be the password for the account that has access.  Of course you'd have to keep the account secret otherwise a clever user would have both the username and the password to get in with.  There might also be some way to pipe the password to the challenge, or to have the front-end program "see" the challenge and stuff the password into it.

Hope this is of some use.
0
 

Author Comment

by:taf
ID: 10717734
This won't be a workable solution as I need to be the logged in user and the special account if you can call it that! So the 'Run As' is not going to be suitable.

But thanks for the feedback!

Thierry
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 11424371
PAQed, with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most everyone who has done any programming in VB6 knows that you can do something in code like Debug.Print MyVar and that when the program runs from the IDE, the value of MyVar will be displayed in the Immediate Window. Less well known is Debug.Asse…
When designing a form there are several BorderStyles to choose from, all of which can be classified as either 'Fixed' or 'Sizable' and I'd guess that 'Fixed Single' or one of the other fixed types is the most popular choice. I assume it's the most p…
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question