Re: Make Security to Directory
From: Dominick Baier [DevelopMentor] (dbaier_at_pleasepleasenospamdevelop.com)
Date: 05/19/05
- Next message: otto: "Problems calling a Dll..."
- Previous message: SimonJClarke_at_gmail.com: "Private member access."
- In reply to: husamal_ahmadi_at_yahoo.com: "Re: Make Security to Directory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 May 2005 03:54:26 -0700
Hello husamal_ahmadi@yahoo.com,
you will never be able to "hide" something from an admin.
You can indeed prevent normal users from modifying/reading the data :
run as admin, create the files, ACL them. But then your application (running
as a normal user) won't be able to read the files also.
If you want to store "secrets" on a client machine - encrypt them. System.Security.Cryptography
is your friend.
Be aware that you need a key for encryption - this has to be stored somehow
- e.g. hardcoded in your app code - this is also not a perfect solution,
but significantly (depending on your clients) raises the bar.
Encryption is not integrity protection - you could use keyed hashes for that,
e.g. This could get complicated quickly.
So if you only want to store something on the client and your app needs only
read access:
run an installer as admin
encrypt the files
put ACLs in place that prevent modification
a sample app for encrypting files can be found here:
http://www.leastprivilege.com/PermaLink.aspx?guid=f73ca1e0-bcfa-4563-862f-eb06ab317075
HTH
---------------------------------------
Dominick Baier - DevelopMentor
http://www.leastprivilege.com
> Hi Nicole :
>
> My goal behind that I want to prevent reading and modifying all the
> files by all users.
>
> regard's
>
> Husam
>
- Next message: otto: "Problems calling a Dll..."
- Previous message: SimonJClarke_at_gmail.com: "Private member access."
- In reply to: husamal_ahmadi_at_yahoo.com: "Re: Make Security to Directory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
