Hi,
In one of my current projects, I am willing to create a secure zone such as
Acronis does in its application to store some confidential information only
accessible to the current machine user.
I know that .Net doesn't provide such functionalities therefore I went on
MSDN Library and also on Google to look for any solution with no result...
I first guessed that using WMI it could be doable (System.Managem ent
namespace) but it only provides a way to retrieve information...
I then looked at interop but I couldn't find any library that could do the
job for me...
Now, comes my question, what would be your guess to handle this
functionality in my program...? I don't care if it has to be written in
unmanaged code as my current client users are binded to Windows
environments...
Thanks
Amadrias
11  8328 
"Amadrias" <Am******@discu ssions.microsof t.com> wrote: Hi,
In one of my current projects, I am willing to create a secure zone such as
Acronis does in its application to store some confidential information only
accessible to the current machine user.
I know that .Net doesn't provide such functionalities therefore I went on
MSDN Library and also on Google to look for any solution with no result...
Did you check out isolated storage?
"Isolated Storage"
http://msdn.microsoft.com/library/de...tedStorage.asp
"Manage User Settings in Your .NET App with a Custom
Preferences API"
http://msdn.microsoft.com/msdnmag/is...ompreferences/
this may also be of interest:
How To Create a DPAPI Library
http://msdn.microsoft.com/library/de...secnetht07.asp
I first guessed that using WMI it could be doable (System.Managem ent
namespace) but it only provides a way to retrieve information...
I then looked at interop but I couldn't find any library that could do the
job for me...
Now, comes my question, what would be your guess to handle this
functionalit y in my program...? I don't care if it has to be written in
unmanaged code as my current client users are binded to Windows
environments.. .
Thanks
Amadrias
'Any fool can write code that a computer can understand.
Good programmers write code that humans can understand.'
Martin Fowler,
'Refactoring: improving the design of existing code', p.15
First thanks for this quick answer...
Unfortunatelly, this doesn't match my client requirements:
On the storage location, I knew that IsolatedStorage could provide me a good
place to store preferences data. Now, this doesn't provide a real secured
zone as if you are an administrator, you still can have access to the
isolated storage locations and manipulate the files which is something my
client doesn't want them to be able to do.
The unique way I can answer my client requirements is to programmaticall y
create a new partition on a hard drive or even in a removable storage and
then, make this partition not available to windows...
And I need a hand on this part...
Thanks,
Amadrias
"UAError" wrote: "Amadrias" <Am******@discu ssions.microsof t.com> wrote:
Hi,
In one of my current projects, I am willing to create a secure zone such as
Acronis does in its application to store some confidential information only
accessible to the current machine user.
I know that .Net doesn't provide such functionalities therefore I went on
MSDN Library and also on Google to look for any solution with no result...
Did you check out isolated storage?
"Isolated Storage"
http://msdn.microsoft.com/library/de...tedStorage.asp
"Manage User Settings in Your .NET App with a Custom
Preferences API"
http://msdn.microsoft.com/msdnmag/is...ompreferences/
this may also be of interest:
How To Create a DPAPI Library
http://msdn.microsoft.com/library/de...secnetht07.asp
I first guessed that using WMI it could be doable (System.Managem ent
namespace) but it only provides a way to retrieve information...
I then looked at interop but I couldn't find any library that could do the
job for me...
Now, comes my question, what would be your guess to handle this
functionalit y in my program...? I don't care if it has to be written in
unmanaged code as my current client users are binded to Windows
environments.. .
Thanks
Amadrias
'Any fool can write code that a computer can understand.
Good programmers write code that humans can understand.'
Martin Fowler,
'Refactoring: improving the design of existing code', p.15
Just to add some information...
I've found an open source project that provides the kind of features I am
looking for: http://truecrypt.sourceforge.net/
However, the overall is compiled in a single .exe file and not shared as a
..dll that I could therefore import within my project...
Amadrias
"Amadrias" wrote: First thanks for this quick answer...
Unfortunatelly, this doesn't match my client requirements:
On the storage location, I knew that IsolatedStorage could provide me a good
place to store preferences data. Now, this doesn't provide a real secured
zone as if you are an administrator, you still can have access to the
isolated storage locations and manipulate the files which is something my
client doesn't want them to be able to do.
The unique way I can answer my client requirements is to programmaticall y
create a new partition on a hard drive or even in a removable storage and
then, make this partition not available to windows...
And I need a hand on this part...
Thanks,
Amadrias
"UAError" wrote:
"Amadrias" <Am******@discu ssions.microsof t.com> wrote:
Hi,
In one of my current projects, I am willing to create a secure zone such as
Acronis does in its application to store some confidential information only
accessible to the current machine user.
I know that .Net doesn't provide such functionalities therefore I went on
MSDN Library and also on Google to look for any solution with no result...
Did you check out isolated storage?
"Isolated Storage"
http://msdn.microsoft.com/library/de...tedStorage.asp
"Manage User Settings in Your .NET App with a Custom
Preferences API"
http://msdn.microsoft.com/msdnmag/is...ompreferences/
this may also be of interest:
How To Create a DPAPI Library
http://msdn.microsoft.com/library/de...secnetht07.asp
I first guessed that using WMI it could be doable (System.Managem ent
namespace) but it only provides a way to retrieve information...
I then looked at interop but I couldn't find any library that could do the
job for me...
Now, comes my question, what would be your guess to handle this
functionalit y in my program...? I don't care if it has to be written in
unmanaged code as my current client users are binded to Windows
environments.. .
Thanks
Amadrias
'Any fool can write code that a computer can understand.
Good programmers write code that humans can understand.'
Martin Fowler,
'Refactoring: improving the design of existing code', p.15
"Amadrias" <Am******@discu ssions.microsof t.com> wrote: First thanks for this quick answer...
Unfortunatelly , this doesn't match my client requirements:
On the storage location, I knew that IsolatedStorage could provide me a good
place to store preferences data. Now, this doesn't provide a real secured
zone as if you are an administrator, you still can have access to the
isolated storage locations and manipulate the files which is something my
client doesn't want them to be able to do.
The unique way I can answer my client requirements is to programmaticall y
create a new partition on a hard drive or even in a removable storage and
then, make this partition not available to windows...
And I need a hand on this part...
I've found an open source project that provides the kind of features I am
looking for:
http://truecrypt.sourceforge.net/
However, the overall is compiled in a single .exe file and not shared as a
.dll that I could therefore import within my project...
Amadrias
Looks like you have an uneviable task ahead of you...
Because your client's real vulnerabilty is the lack of trust
in the administrator.
10 Immutable Laws of Security http://www.microsoft.com/technet/arc.../10imlaws.mspx
Law #6: A computer is only as secure as the administrator is
trustworthy
Lets face it, that data will have to be unencrypted at some
point of time to be useful and thats when somebody
sufficiently competent and motivated can get at it
especially with administrator privileges.
You could simply write a wrapper class for truecrypt and use
it through the Process class. http://msdn.microsoft.com/library/de...classtopic.asp
however that would still leave your unencrypted data
vulnerable in your process memory and possibly the paging
file.
Creating a partiton on the disk is a pretty low level
operation - you may simply want to defer that to an
"pre-installation requirement" that there has to an
existing, usable (formatted) partition. Most systems are
delivered fully partitoned and your don't want to have to
reinvent something like "Partition Magic" to shrink an
existing partition to make room for the hidden partition.
That still leaves the unhiding and hiding of the partition
before and after use and all the problems that might entail
through the file system...
A removable 1 GB USB jumpdrive is starting to look real
good...
Good Luck
'Any fool can write code that a computer can understand.
Good programmers write code that humans can understand.'
Martin Fowler,
'Refactoring: improving the design of existing code', p.15
You can always encrypt the contents of the folder and/or files you create
using the user key and DPAPI. An admin cannot read the contents of user
encrypted folders.
Shariq Khan sh****@shariqkh an.com
"Amadrias" <Am******@discu ssions.microsof t.com> wrote in message
news:17******** *************** ***********@mic rosoft.com... Hi,
In one of my current projects, I am willing to create a secure zone such
as
Acronis does in its application to store some confidential information
only
accessible to the current machine user.
I know that .Net doesn't provide such functionalities therefore I went on
MSDN Library and also on Google to look for any solution with no result...
I first guessed that using WMI it could be doable (System.Managem ent
namespace) but it only provides a way to retrieve information...
I then looked at interop but I couldn't find any library that could do the
job for me...
Now, comes my question, what would be your guess to handle this
functionality in my program...? I don't care if it has to be written in
unmanaged code as my current client users are binded to Windows
environments...
Thanks
Amadrias
Amadrias <Am******@discu ssions.microsof t.com> wrote: Just to add some information...
I've found an open source project that provides the kind of features I am
looking for:
http://truecrypt.sourceforge.net/
However, the overall is compiled in a single .exe file and not shared as a
.dll that I could therefore import within my project...
That's only if you use the compiled exe, however. The project is open
source, so presumably you could compile it to a DLL yourself.
--
Jon Skeet - <sk***@pobox.co m> http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
UAError <nu**@null.null > wrote:
<snip> Law #6: A computer is only as secure as the administrator is
trustworthy
Lets face it, that data will have to be unencrypted at some
point of time to be useful and thats when somebody
sufficiently competent and motivated can get at it
especially with administrator privileges.
<snip>
While that's true of computer security *in general*, it's not
necessarily true of all data stored on a computer. If I encrypt a
message with a pass phrase (using a suitably secure algorithm, of
course), and that pass phrase itself is only stored in my head, you
could be the administrator of whatever computer you want - you still
won't be able to get the plaintext without knowing the pass phrase.
--
Jon Skeet - <sk***@pobox.co m> http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Jon Skeet [C# MVP] <sk***@pobox.co m> wrote: UAError <nu**@null.null > wrote:
<snip>
Law #6: A computer is only as secure as the administrator is
trustworthy
Lets face it, that data will have to be unencrypted at some
point of time to be useful and thats when somebody
sufficiently competent and motivated can get at it
especially with administrator privileges.
<snip>
While that's true of computer security *in general*, it's not
necessarily true of all data stored on a computer. If I encrypt a
message with a pass phrase (using a suitably secure algorithm, of
course), and that pass phrase itself is only stored in my head, you
could be the administrator of whatever computer you want - you still
won't be able to get the plaintext without knowing the pass phrase.
That wasn't my point. You are simply referring do the data
in its encrypted state - but somebody with administrative
privileges has the means to disclose your secrets when YOU
are working with them in their UNENCRYPTED state.
The key phrase here is "sufficient ly competent and
motivated". An attacker with local administrator privileges
could install utilities to snap shot your process memory
and/or paging file to capture your unencrypted secrets. A
network administrator could do the same remotely. This puts
additional pressure on the developer to keep the unencrypted
secrets from being swapped to the paging file, erasing any
buffer memory used and to leave secrets unencrypted for the
shortest possible window inside the application. However the
secrets remain vulnerable while they are being displayed to
the user in the clear.
So you could say "it IS necessarily true for all data USED
on the computer".
UAError <nu**@null.null > wrote: While that's true of computer security *in general*, it's not
necessarily true of all data stored on a computer. If I encrypt a
message with a pass phrase (using a suitably secure algorithm, of
course), and that pass phrase itself is only stored in my head, you
could be the administrator of whatever computer you want - you still
won't be able to get the plaintext without knowing the pass phrase.
That wasn't my point. You are simply referring do the data
in its encrypted state - but somebody with administrative
privileges has the means to disclose your secrets when YOU
are working with them in their UNENCRYPTED state.
You're assuming that the unencrypted data is ever present on the
computer. I could email you an encrypted file, and whatever rights you
have on your computer, you wouldn't be able to decrypt it. There's
nothing to say that I would then need to decrypt it at any stage on
your computer. You could keep it for me and then pass it back to me for
decryption on my trusted computer at a later date.
--
Jon Skeet - <sk***@pobox.co m> http://www.pobox.com/~skeet
If replying to the group, please do not mail me too This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Amadrias |
last post by:
Hi,
In one of my current projects, I am willing to create a secure zone such as
Acronis does in its application to store some confidential information only
accessible to the current machine user.
I know that .Net doesn't provide such functionalities therefore I went on
MSDN Library and also on Google to look for any solution with no result...
I first guessed that using WMI it could be doable (System.Management
|
by: Null Reference |
last post by:
Anybody here who can explain or point me to a link ?
I wish to create a blank MS Access DB file programmatically
using C# .
Thanks, nfs
|
by: John Salerno |
last post by:
Forgive my excitement, especially if you are already aware of this, but
this seems like the kind of feature that is easily overlooked (yet could
be very useful):
Both 8-bit and Unicode strings have new partition(sep) and
rpartition(sep) methods that simplify a common use case.
The find(S) method is often used to get an index which is then used to
slice the string and obtain the pieces that are before and after the
separator....
|
by: cpressley2 |
last post by:
Hi,
On a multi-partition instance, can you create a database on a single
parition? How???
The db architects want to use one instance for four databases where
only one is big enough for a multi-partition. The other three are
small. I'd like to create them only on one partition but can't find any
documention on how to do this.
|
by: Laurence |
last post by:
Hi folks,
As I konw: database partition (aka data partition?), the database can
span multiple machines; table partition, the data within a table can
seperate by certain condition.
How about inter-partition and intra-partition? Is inter-partition
database partition...?
| | |
by: m.smith_1999 |
last post by:
Hello,
I'm a student software developer.
As a part of an excerise I'm doing I'm trying to build a program to
create "mount files" and mount them.
Something like Sarah Dean's OTFE but really really basic, just to
create partitions and mount them. Nothing else.
All I want to do is be able to create a hidden partition inside an
existing partition (by providing an offset just like in FreeOTFE) and
be able to mount and dismount it.
Without...
|
by: ALLYWEIR |
last post by:
Hi,
I am trying to create a partitoned table using the following:-
CREATE TABLE ORDERS(ID INT, SHIPDATE DATE)
PARTITION BY RANGE(SHIPDATE)
(
STARTING '1/1/2006' ENDING '12/31/2006'
EVERY 3 MONTHS
);
|
by: nbajrach |
last post by:
how to partition on a table if table already exits without any partition.
This is what i tried but gave me error
SQL> alter table sip add partition by range(si_id)
2 partition p1_si values less than (50001),
3 partition p2_si values less than (100001),
|
by: Geolas |
last post by:
Hi, new to this community.I am not really sure if this was the right place, because this community seem to be for developers really.
Well my question is, as the topic states, how to create a virtual or ghost partition?
I think virtual might be the wrong term for it, as when i try to google it, it comes with creating a drive letter to go to a folder in your current drive. Which wasn't exactly what i was looking for.
And when try to...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
