How to programmatically create a partition?

Hi,

In one of my current projects, I am willing to create a secure zone such as
Acronis does in its application to store some confidential information only
accessible to the current machine user.

I know that .Net doesn't provide such functionalities therefore I went on
MSDN Library and also on Google to look for any solution with no result...

I first guessed that using WMI it could be doable (System.Management
namespace) but it only provides a way to retrieve information...

I then looked at interop but I couldn't find any library that could do the
job for me...

Now, comes my question, what would be your guess to handle this
functionality in my program...? I don't care if it has to be written in
unmanaged code as my current client users are bound to Windows
environments...

Thanks

Amadrias
Nov 22 '05 #1
"Amadrias" <Am******@discussions.microsoft.com> wrote:
> Hi,
>
> In one of my current projects, I am willing to create a secure zone such as
> Acronis does in its application to store some confidential information only
> accessible to the current machine user.
>
> I know that .Net doesn't provide such functionalities therefore I went on
> MSDN Library and also on Google to look for any solution with no result...

Did you check out isolated storage?

"Isolated Storage"
http://msdn.microsoft.com/library/de...tedStorage.asp

"Manage User Settings in Your .NET App with a Custom
Preferences API"
http://msdn.microsoft.com/msdnmag/is...ompreferences/

This may also be of interest:

How To Create a DPAPI Library
http://msdn.microsoft.com/library/de...secnetht07.asp

> I first guessed that using WMI it could be doable (System.Management
> namespace) but it only provides a way to retrieve information...
>
> I then looked at interop but I couldn't find any library that could do the
> job for me...
>
> Now, comes my question, what would be your guess to handle this
> functionality in my program...? I don't care if it has to be written in
> unmanaged code as my current client users are bound to Windows
> environments...
>
> Thanks
>
> Amadrias

'Any fool can write code that a computer can understand.
Good programmers write code that humans can understand.'
Martin Fowler,
'Refactoring: improving the design of existing code', p.15
Nov 22 '05 #2
First thanks for this quick answer...

Unfortunately, this doesn't match my client requirements:

On the storage location, I knew that IsolatedStorage could provide me a good
place to store preferences data. Now, this doesn't provide a real secured
zone as if you are an administrator, you still can have access to the
isolated storage locations and manipulate the files which is something my
client doesn't want them to be able to do.

The unique way I can answer my client requirements is to programmatically
create a new partition on a hard drive or even in a removable storage and
then, make this partition not available to windows...

And I need a hand on this part...

Thanks,

Amadrias
Nov 22 '05 #3
Just to add some information...

I've found an open source project that provides the kind of features I am
looking for:
http://truecrypt.sourceforge.net/

However, the overall is compiled in a single .exe file and not shared as a
.dll that I could therefore import within my project...

Amadrias
Nov 22 '05 #4
"Amadrias" <Am******@discussions.microsoft.com> wrote:
> First thanks for this quick answer...
>
> Unfortunately, this doesn't match my client requirements:
>
> On the storage location, I knew that IsolatedStorage could provide me a good
> place to store preferences data. Now, this doesn't provide a real secured
> zone as if you are an administrator, you still can have access to the
> isolated storage locations and manipulate the files which is something my
> client doesn't want them to be able to do.
>
> The unique way I can answer my client requirements is to programmatically
> create a new partition on a hard drive or even in a removable storage and
> then, make this partition not available to windows...
>
> And I need a hand on this part...
>
> I've found an open source project that provides the kind of features I am
> looking for:
> http://truecrypt.sourceforge.net/
>
> However, the overall is compiled in a single .exe file and not shared as a
> .dll that I could therefore import within my project...
>
> Amadrias

Looks like you have an unenviable task ahead of you...

Because your client's real vulnerability is the lack of trust
in the administrator.

10 Immutable Laws of Security
http://www.microsoft.com/technet/arc.../10imlaws.mspx

Law #6: A computer is only as secure as the administrator is
trustworthy

Let's face it, that data will have to be unencrypted at some
point of time to be useful and that's when somebody
sufficiently competent and motivated can get at it
especially with administrator privileges.

You could simply write a wrapper class for truecrypt and use
it through the Process class.
http://msdn.microsoft.com/library/de...classtopic.asp

However that would still leave your unencrypted data
vulnerable in your process memory and possibly the paging
file.

Creating a partition on the disk is a pretty low level
operation - you may simply want to defer that to a
"pre-installation requirement" that there has to be an
existing, usable (formatted) partition. Most systems are
delivered fully partitioned and you don't want to have to
reinvent something like "Partition Magic" to shrink an
existing partition to make room for the hidden partition.

That still leaves the unhiding and hiding of the partition
before and after use and all the problems that might entail
through the file system...

A removable 1 GB USB jumpdrive is starting to look real
good...
Good Luck
'Any fool can write code that a computer can understand.
Good programmers write code that humans can understand.'
Martin Fowler,
'Refactoring: improving the design of existing code', p.15
Nov 22 '05 #5
You can always encrypt the contents of the folder and/or files you create
using the user key and DPAPI. An admin cannot read the contents of user
encrypted folders.

Shariq Khan
sh****@shariqkhan.com
Nov 22 '05 #6
Amadrias <Am******@discussions.microsoft.com> wrote:
> Just to add some information...
>
> I've found an open source project that provides the kind of features I am
> looking for:
> http://truecrypt.sourceforge.net/
>
> However, the overall is compiled in a single .exe file and not shared as a
> .dll that I could therefore import within my project...


That's only if you use the compiled exe, however. The project is open
source, so presumably you could compile it to a DLL yourself.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 22 '05 #7
UAError <nu**@null.null> wrote:

<snip>
> Law #6: A computer is only as secure as the administrator is
> trustworthy
>
> Let's face it, that data will have to be unencrypted at some
> point of time to be useful and that's when somebody
> sufficiently competent and motivated can get at it
> especially with administrator privileges.


<snip>

While that's true of computer security *in general*, it's not
necessarily true of all data stored on a computer. If I encrypt a
message with a pass phrase (using a suitably secure algorithm, of
course), and that pass phrase itself is only stored in my head, you
could be the administrator of whatever computer you want - you still
won't be able to get the plaintext without knowing the pass phrase.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 22 '05 #8
Jon Skeet [C# MVP] <sk***@pobox.com> wrote:
> UAError <nu**@null.null> wrote:
>
> <snip>
>
>> Law #6: A computer is only as secure as the administrator is
>> trustworthy
>>
>> Let's face it, that data will have to be unencrypted at some
>> point of time to be useful and that's when somebody
>> sufficiently competent and motivated can get at it
>> especially with administrator privileges.
>
> <snip>
>
> While that's true of computer security *in general*, it's not
> necessarily true of all data stored on a computer. If I encrypt a
> message with a pass phrase (using a suitably secure algorithm, of
> course), and that pass phrase itself is only stored in my head, you
> could be the administrator of whatever computer you want - you still
> won't be able to get the plaintext without knowing the pass phrase.

That wasn't my point. You are simply referring to the data
in its encrypted state - but somebody with administrative
privileges has the means to disclose your secrets when YOU
are working with them in their UNENCRYPTED state.

The key phrase here is "sufficiently competent and
motivated". An attacker with local administrator privileges
could install utilities to snap shot your process memory
and/or paging file to capture your unencrypted secrets. A
network administrator could do the same remotely. This puts
additional pressure on the developer to keep the unencrypted
secrets from being swapped to the paging file, erasing any
buffer memory used and to leave secrets unencrypted for the
shortest possible window inside the application. However the
secrets remain vulnerable while they are being displayed to
the user in the clear.

So you could say "it IS necessarily true for all data USED
on the computer".
Nov 22 '05 #9
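
The DPAPI approach suggested in posts #2 and #6, combined with the buffer handling that post #9 asks of the developer, as an added example that is not code from any poster in this thread. It assumes .NET 6 or later on Windows with the System.Security.Cryptography.ProtectedData package; `UserSecretStore`, `Save`, `Use`, the file name and the sample secret are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class UserSecretStore
{
    // Encrypt with a key that DPAPI derives from the calling user's logon
    // credentials, then write only the ciphertext to disk.
    public static void Save(string path, byte[] plaintext)
    {
        byte[] blob = ProtectedData.Protect(
            plaintext, null, DataProtectionScope.CurrentUser);
        File.WriteAllBytes(path, blob);
    }

    // Decrypt, hand the plaintext to the caller's delegate, and wipe the
    // buffer as soon as the delegate returns or throws. Unprotect throws
    // CryptographicException if the blob was sealed under another account.
    public static T Use<T>(string path, Func<byte[], T> work)
    {
        byte[] blob = File.ReadAllBytes(path);
        byte[] plaintext = ProtectedData.Unprotect(
            blob, null, DataProtectionScope.CurrentUser);
        try
        {
            return work(plaintext);
        }
        finally
        {
            // Narrows the exposure window only: while work() runs, the
            // plaintext is in process memory, as post #9 points out.
            CryptographicOperations.ZeroMemory(plaintext);
        }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample path and sample data for the demonstration.
        string path = Path.Combine(Path.GetTempPath(), "usersecret-demo.bin");
        byte[] secret = Encoding.UTF8.GetBytes("constructed sample secret");
        try
        {
            UserSecretStore.Save(path, secret);
        }
        finally
        {
            CryptographicOperations.ZeroMemory(secret);
        }

        // Keep the work inside the delegate short and return only what is
        // needed, so no reference to the plaintext outlives the call.
        int length = UserSecretStore.Use(path, p => p.Length);
        Console.WriteLine($"Decrypted {length} bytes; buffer wiped after use.");

        File.Delete(path);
    }
}
```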
UAError <nu**@null.null> wrote:
>> While that's true of computer security *in general*, it's not
>> necessarily true of all data stored on a computer. If I encrypt a
>> message with a pass phrase (using a suitably secure algorithm, of
>> course), and that pass phrase itself is only stored in my head, you
>> could be the administrator of whatever computer you want - you still
>> won't be able to get the plaintext without knowing the pass phrase.
>
> That wasn't my point. You are simply referring to the data
> in its encrypted state - but somebody with administrative
> privileges has the means to disclose your secrets when YOU
> are working with them in their UNENCRYPTED state.


You're assuming that the unencrypted data is ever present on the
computer. I could email you an encrypted file, and whatever rights you
have on your computer, you wouldn't be able to decrypt it. There's
nothing to say that I would then need to decrypt it at any stage on
your computer. You could keep it for me and then pass it back to me for
decryption on my trusted computer at a later date.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 22 '05 #10
Jon Skeet [C# MVP] <sk***@pobox.com> wrote:
> UAError <nu**@null.null> wrote:
>>> While that's true of computer security *in general*, it's not
>>> necessarily true of all data stored on a computer. If I encrypt a
>>> message with a pass phrase (using a suitably secure algorithm, of
>>> course), and that pass phrase itself is only stored in my head, you
>>> could be the administrator of whatever computer you want - you still
>>> won't be able to get the plaintext without knowing the pass phrase.
>>
>> That wasn't my point. You are simply referring to the data
>> in its encrypted state - but somebody with administrative
>> privileges has the means to disclose your secrets when YOU
>> are working with them in their UNENCRYPTED state.
>
> You're assuming that the unencrypted data is ever present on the
> computer. I could email you an encrypted file, and whatever rights you
> have on your computer, you wouldn't be able to decrypt it. There's
> nothing to say that I would then need to decrypt it at any stage on
> your computer. You could keep it for me and then pass it back to me for
> decryption on my trusted computer at a later date.

Again you are entirely missing the point. Your scenario is
sound simply because the data is never decrypted. Here I'm
not concerned with the administrators of the machines where
the encrypted data resides - though they still have ample
opportunity for brute force attacks.

I was concerned with the administrators of the machines
where the data is being encrypted, decrypted and worked with.

So you still have to be able to TRUST the administrator of
your TRUSTED computer - otherwise you are vulnerable to
"eavesdropping"/"monitoring" while you work with your
(unencrypted) precious secrets. There is no point of having
encrypted data that will never be decrypted - you might as
well destroy it.

Nov 22 '05 #11
UAError <nu**@null.null> wrote:
>> You're assuming that the unencrypted data is ever present on the
>> computer. I could email you an encrypted file, and whatever rights you
>> have on your computer, you wouldn't be able to decrypt it. There's
>> nothing to say that I would then need to decrypt it at any stage on
>> your computer. You could keep it for me and then pass it back to me for
>> decryption on my trusted computer at a later date.
>
> Again you are entirely missing the point. Your scenario is
> sound simply because the data is never decrypted. Here I'm
> not concerned with the administrators of the machines where
> the encrypted data resides - though they still have ample
> opportunity for brute force attacks.
>
> I was concerned with the administrators of the machines
> where the data is being encrypted, decrypted and worked with.
>
> So you still have to be able to TRUST the administrator of
> your TRUSTED computer - otherwise you are vulnerable to
> "eavesdropping"/"monitoring" while you work with your
> (unencrypted) precious secrets. There is no point of having
> encrypted data that will never be decrypted - you might as
> well destroy it.


Yes, you have to trust the administrator of the trusted computer. That
much I wouldn't deny. I was only disagreeing with your idea that if you
store data on any computer in any way, and that computer has an
untrustworthy administrator, your data is insecure. My scenario is a
counter-example to that.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet
If replying to the group, please do not mail me too
Nov 22 '05 #12
