EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Filtering rules based on caller?

Posted: 08/26/2014 03:53:35
by Jonathan Blum (Basic support level)
Joined: 08/26/2014
Posts: 3

Hi, quick conceptual question --

When using Callback Filter for encryption, is there any easy way to read/copy an encrypted file out of a filtered folder *without* decrypting it, if certain conditions are met?

I have a situation where I want to back up a bunch of encrypted files without losing the encryption -- either through a network copy, or to a cloud provider. I've been looking at the possibility of incorporating into my callbacks something which checks which process is trying to access the file, and returning the filtered or unfiltered version of the file as appropriate. So is there any way to determine this through the Callback Filter framework?
Posted: 08/26/2014 03:59:33
by Eugene Mayevski (EldoS Corp.)

While you can determine the caller using the GetOriginator* methods of the CallbackFilter class, the conceptual problem with this approach is that the OS expects the filesystem to return the same data no matter what the caller is. The reason is caching - the data is read into the cache and then given to the various processes that read the files.

In NTFS this problem is solved by using the FILE_FLAG_BACKUP_SEMANTICS flag when opening the file. However, we didn't investigate the behavior of the OS in this aspect and the possibility of using this flag for tasks like yours.

Sincerely yours
Eugene Mayevski
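
The caching problem described in the reply above, as an added toy model that is not part of the original thread and not EldoS code: a filter that chooses ciphertext or plaintext per caller sits under a cache shared by all processes, so whoever reads first decides what everyone gets. All class names, the process names and the XOR stand-in cipher are assumptions made for illustration.

```python
# Simplified model, constructed for illustration; not the Callback Filter API.
KEY = 0x5A  # toy XOR "cipher" standing in for real encryption


def xor(data: bytes) -> bytes:
    return bytes(b ^ KEY for b in data)


class Disk:
    """Holds ciphertext, as the filtered folder does on disk."""

    def __init__(self):
        self.files = {}

    def read(self, path):
        return self.files[path]


class CallerAwareFilter:
    """Hypothetical filter: raw ciphertext for listed callers, plaintext otherwise."""

    def __init__(self, disk, raw_callers):
        self.disk = disk
        self.raw_callers = set(raw_callers)

    def read(self, path, caller):
        data = self.disk.read(path)
        return data if caller in self.raw_callers else xor(data)


class CachedFileSystem:
    """One cache entry per file, shared by every process; the filter runs only on a miss."""

    def __init__(self, flt):
        self.flt = flt
        self.cache = {}

    def read(self, path, caller):
        if path not in self.cache:
            self.cache[path] = self.flt.read(path, caller)
        return self.cache[path]


def demo(first_caller, second_caller):
    """Return what two successive readers of the same file receive."""
    disk = Disk()
    disk.files["doc.txt"] = xor(b"secret report")  # constructed sample file
    fs = CachedFileSystem(CallerAwareFilter(disk, {"backup.exe"}))
    return fs.read("doc.txt", first_caller), fs.read("doc.txt", second_caller)
```

If the backup tool reads first, the editor is handed ciphertext; if the editor reads first, the backup tool is handed plaintext, which is the outcome the backup was meant to avoid.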
Posted: 08/26/2014 06:29:59
by Jonathan Blum (Basic support level)
Joined: 08/26/2014
Posts: 3

Thanks -- good to know that this method would be shaky ground!

If I'm going down the wrong road and there's a more orthodox way to pass encrypted files to Dropbox or something similar without decrypting, feel free to point me to it. :-)

Jon Blum
Posted: 08/26/2014 06:36:24
by Eugene Mayevski (EldoS Corp.)

Well, you can create a virtual directory with virtual files and restrict access to this directory to only your backup tool. Your event handlers will expose the encrypted data via those virtual files and your backup tool will be able to pick them up encrypted. Will this work for you?

Sincerely yours
Eugene Mayevski


