a couple of questions

delphi package - easy access to security apis
Post Reply
kgulol
Posts: 9
Joined: Sat Jan 07, 2012 5:42 pm

a couple of questions

Post by kgulol »

Got a couple of questions :

1 : is SetAttributes or GetAttributes for a file or directory included in madSecurity ?
2: How can I prevent access to my directory ?I want only my application can access read and write permissions. but prevent user to access My Application Installation Directory,using windows explorer ?
is it possible with madsecurity ?

(Thanks much for these useful and unique libraries to keep updated.)
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: a couple of questions

Post by madshi »

Get/SetFileAttributes are not included in madSecurity. madSecurity concentrates on user specific security aspects, which Get/SetFileAttributes doesn't have much to do with.

The only way to use NTFS attributes to protect your folder from being read by the Windows Explorer is to run your application (or the Windows Explorer) under a different user account. E.g. you could create a private user account with a complicated password. Then you could create a folder and only allow your private user access to that folder via NTFS security rights. Then you could use CreateProcessWithLogonW to restart your application under the private user account.

This would not be a fully safe approach, though. If the user has admin rights, he can always take ownership of any folder and then change the access rights. If you want to create a really safe solution, you'd have to hook into the file system. You could do that by using madCodeHook, but that would be somewhat limited cause it would only affect user land file access. The best solution would be to create a file system driver that only allows your application to access the folder. But even that wouldn't be fully safe yet, because of the user boots the PC with a Linux CD/DVD (or maybe even only in Windows Safe Mode), he could access your folder just fine. You could further improve the situation by encrypting the folder somehow. Something like what TrueCrypt does.
Post Reply