EldoS | Feel safer!

Software components for data protection, secure storage and transfer

More stuff on File Security

Posted: 08/23/2013 17:11:31
by Sid Schipper (Standard support level)
Joined: 03/14/2008
Posts: 285

Hello again everyone.

Regarding Help Desk problem # 23328, which has been auto-closed since I have not done anything with it for months now, I found a workaround that works for me, which is why I haven't corresponded with you about it recently. The workaround is that I mount my drive as a non-network Mounting point and everything works the way I want it to.

OK, so having gotten that out of the way let me go on to discuss what I am doing in general and maybe ask any of you out there if you have done anything similar that you would like to share with me. I am always willing to share what I have done, just ask and I'll send you source code and everything. Of course, my source code may not help many of you because it involves many calls to APIs in our database system, which of course none of you would have, unless by some miracle you are a commercial customer of ours, of which there are only a small number.

Anyway, what I have done is implemented security on my database objects using the Windows Explorer Security Tab that exists when you right click a file and click "Properties". That Security Tab interacts with the CbFs callbacks "OnGetFileSecurity" and "OnSetFileSecurity", so that is where I have implemented my security code to apply the security from my database system rather than Windows security, which obviously doesn't exist for my database objects because Windows knows nothing about them.

Anyway, the real difficulty with doing what I have done is that you have to communicate with Windows using the SDDL (Security Descrip[tor Definition Language) which is very confusing and not at all documented well.

Also, in the callbacks you do not have access to any of the controls on the Security Tab dialog box, which I'm sure is just an MFC Property Sheet, but getting at it is also difficult. I haven't tried yet finding the Windows Handle for that Property Sheet page, but that is something I was contemplating. The reason is that if you do not have access to those controls you are at the mercy of the Windows Operating System to place into that dialog box what you want to be there. It is possible to do that for many of the things you want in the dialog box, like permissions, but some of the things that are there, like the values of the check boxes are not accessible through the SDDL, so having access to the actual controls would be nice.

Anyway, that is my musings on the Security Tab and implementing it with CbFs, if any of you are interested in this, let me know and we can talk further.



Topic viewed 671 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!