Home > Archive > VC Language > January 2006 > How to Protect a File
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
How to Protect a File
|
|
| Revolution 2006-01-25, 7:58 am |
| Dear Gurus,
I want to protect a file in the folder for that I Encrypt the file. It was
Encrypted but it won't be safe bcz anyone can change the content so that I
can't decrypt it. Now I want to Protect the File without giving permission to
open or edit a file so that I used the Lock API it will lock the file.
But I want to lock the file whenever the system logs on and I have to
maintain the Handle value in the memory to unlock it.
So that I need some more solutions, pls help me
Is there any other way to Protect a file from without opening, editing or
closing
Is there any other way to protect the file without being opened, edited and
changed. Waiting for ur reply
| |
| Igor Tandetnik 2006-01-25, 7:58 am |
| "Revolution" <Revolution@discussions.microsoft.com> wrote in message
news:869D782C-58A5-4F03-A37D-B9BF98C695C5@microsoft.com
> I want to protect a file in the folder for that I Encrypt the file.
> It was Encrypted but it won't be safe bcz anyone can change the
> content so that I can't decrypt it. Now I want to Protect the File
> without giving permission to open or edit a file so that I used the
> Lock API it will lock the file.
>
> But I want to lock the file whenever the system logs on and I have to
> maintain the Handle value in the memory to unlock it.
You can't really. You can use SetNamedSecurityInfo to restrict who can
access the file. But some user is still owning the data, and you can't
really prevent her from messing with it.
What you can do is make the file tamper-proof: you can't prevent the
file being edited, but you can make any editing detectable. In the
simplest case, calculate a hash of cleartext contents of the file and
store it together with encrypted data. When decrypting, calculate the
hash and check that it matches the one stored in the file. If they don't
match, either the data or the hash have been tampered with - tell this
to the user and refuse to process the file further.
--
With best wishes,
Igor Tandetnik
With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925
| |
| Ben Voigt 2006-01-26, 7:08 pm |
|
"Revolution" <Revolution@discussions.microsoft.com> wrote in message
news:869D782C-58A5-4F03-A37D-B9BF98C695C5@microsoft.com...
> Dear Gurus,
>
> I want to protect a file in the folder for that I Encrypt the file. It was
> Encrypted but it won't be safe bcz anyone can change the content so that I
> can't decrypt it. Now I want to Protect the File without giving permission
> to
> open or edit a file so that I used the Lock API it will lock the file.
>
> But I want to lock the file whenever the system logs on and I have to
> maintain the Handle value in the memory to unlock it.
>
> So that I need some more solutions, pls help me
>
> Is there any other way to Protect a file from without opening, editing or
> closing
>
> Is there any other way to protect the file without being opened, edited
> and
> changed. Waiting for ur reply
>
You need overall security, from physical security (if someone moves your HDD
into a box running their OS, there's not a thing you can do to stop them
from corrupting your file), to OS security (if someone modifies your
executable, they can do anything they want with your data -- and force you
to do the encryption/decryption for them), to data security.
Probably what you will need is a system service that runs in the background,
and only it (SYSTEM account) has privileges to the datafile. Your
application must authenticate to the service to read or write the data,
which is done using message-passing, so the application never accesses the
file itself.
In this way, no one except an Administrator can edit the datafile, and even
then not by accident (they have to do privilege escalation using another
system service, such as "At", to become the SYSTEM account and change it).
You will never stop an administrator, because they can install/load device
drivers which can read/write any piece of data anywhere in the system
bypassing security.
|
|
|
|
|