Solved

Make folders & files only available to application

Posted on 2004-03-23
7
121 Views
Last Modified: 2010-05-01
Hi,

I have also posted this under .NET as it applies to both VB6 and .NET

Does anyone know a way (via code, tool or third-party software) on how to secure a folder, its subfolders and the files contained in them? I want a solution where the files will not be accessible on your lan/wan via Windows Explorer to anyone. I want only my application to be able to access these files.

I'm basically trying to provide a solution where users cannot in anyway access any files unless it is down through our main application. I'm not sure this is possible, but maybe one of you have done something similar in the past.

I don't want to use a concept of using FTP or HTTP and request a file to cache it locally as I it would be to messy for us to handle this issue right now. Also, creation date & time, last modified and last access of files is critical to us and most FTP server do not provide an accurate enough time definition.

A few people have mentioned to me writting a service impersonating a specific user that would be the only one to have access to the specific folder & files, but this still an issue as this would mean all of our activex components that use a path would have to be somehow support this impersonation which is definitely not going to be the case.

I hope I'm somehow clear on this issue.

Many thanks in advance.

Thierry
0
Comment
Question by:taf
7 Comments
 
LVL 26

Expert Comment

by:EDDYKT
Comment Utility
0
 

Author Comment

by:taf
Comment Utility
Hi,

Thanks for feedback, but this is not quite what I'm looking for as it would be require to be integrated or at least it would require to allow only our application to access a folder. I will get in touch with them, though as the principle they are offering is what I'm looking for, but I need to indirectly (or direclty) make my application impersonate a user that would be the only one to be allowed to access a folder.

Thanks again.

Thierry
0
 
LVL 76

Expert Comment

by:David Lee
Comment Utility
The only sure way I know of to prevent unwanted users from getting to the files/folders is to use Windows' built-in security.  That means creating a user and giving only that user the rights to see and access the files and folders for the application.  The application would then need to perform impersonation in order to get to the files/folders.  I looked at the FolderGuard utility and from what it says I'll bet it's a driver or service, my guess is the latter, that controls access.  If I'm right, then shutting the service down would halt the protection that FolderGuard provides.  That'd also be true if someone booted from a second copy of Windows, one that didn't have FolderGuard installed.  FolderGuard also seems to be designed to protect files on the local computer.  I didn't see any mention of protecting files/folders accessed via the network.  In your description of the issue you didn't mention where the data is located.  Is it on the local machine or on a networked drive?  If it's on a networked drive, then another solution might be to create some sort of proxy service.  Instead of accessing the files/folders directly the application(s) would have to be modified to access them indirectly through the proxy program, as in a client/server approach.  The proxy program slone would have the necessary permissions to access the files/folders.  That'd prevent anyone else from getting into them.  The application program would talk to the proxy and get access via it.  It'd probably be a lot simpler to just stick with Windows built-in security and go the impersonation route.

You might try Windows "Run As" command.  It allows a program to be run in a different security context.  Here's a link to an article that might be useful: http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q294676&  
And here's a link to a page describing the command's syntax: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/ntcmds.mspx

To use Run As you'd need to create an account and give that account access to the files/folders.  You'd then need to create a front-end program that'd launch the actual application.  The front-end program would issue the Run As command to start the actual application.  Run As would prompt for a password which'd be the password for the account that has access.  Of course you'd have to keep the account secret otherwise a clever user would have both the username and the password to get in with.  There might also be some way to pipe the password to the challenge, or to have the front-end program "see" the challenge and stuff the password into it.

Hope this is of some use.
0
 

Author Comment

by:taf
Comment Utility
This won't be a workable solution as I need to be the logged in user and the special account if you can call it that! So the 'Run As' is not going to be suitable.

But thanks for the feedback!

Thierry
0
 

Accepted Solution

by:
modulo earned 0 total points
Comment Utility
PAQed, with points refunded (500)

modulo
Community Support Moderator
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

I was working on a PowerPoint add-in the other day and a client asked me "can you implement a feature which processes a chart when it's pasted into a slide from another deck?". It got me wondering how to hook into built-in ribbon events in Office.
You can of course define an array to hold data that is of a particular type like an array of Strings to hold customer names or an array of Doubles to hold customer sales, but what do you do if you want to coordinate that data? This article describes…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Outlook using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Microsoft Outlook. Using automation, an Access applic…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now