See more: C++ Windows
Is there a way to secure files created by my application so that it is even impossible for the administrator to delete them?
 
There is this finance-related application I am working on. I have this concern that fraudulent users might, in order to cover up fraud, delete sensitive files. I wish to know how I can secure such important files and folders from such fraudulent users.
Posted 23-Sep-12 10:40am
Comments
Wes Aday at 23-Sep-12 15:44pm
   
No
Sergey Alexandrovich Kryukov at 23-Sep-12 20:28pm
   
But not precisely correct. It all depends on what period of time it should be protected. Please see my answer.
--SA
pasztorpisti at 23-Sep-12 16:13pm
   
Build a read-only removable USB drive with your files on it burnt for example to some kind of ROM, get a screwdriver and install it into the machine.
Sergey Alexandrovich Kryukov at 23-Sep-12 20:31pm
   
I don't think that might satisfy the OP, but it's a good way of going beyond the assumed conditions...
I actually provided an answer, please see.
--SA
Mohibur Rashid at 23-Sep-12 19:40pm
   
You should learn one very important thing about so-called security. If you can't provide physical security then there is no security at all. You better rethink your design.
Sergey Alexandrovich Kryukov at 23-Sep-12 20:30pm
   
This is a good note. Even though I answered the question (please see), the review of the approach could be much better.
--SA
pasztorpisti at 23-Sep-12 20:52pm
   
Absolutely true.

Solution 1

It is quite possible to lock the files this way, of course, on a temporary basis. To do that, it's enough to open the files based on exclusive access (which happens by default), and keep them open. If this is a Windows Service, it can be re-started automatically on system reboot; and the application processes won't stop if a user logs out and other users log in.
 
Of course, the administrator can always kill your process, but we are not talking about the impossible, right? After all, anyone can reformat the hard drive, but this is not what you want to take into account, I hope.
 
—SA
Comments
pasztorpisti at 23-Sep-12 20:56pm
   
+5 this might work, at least I don't know any way to circumvent it
Sergey Alexandrovich Kryukov at 23-Sep-12 21:00pm
   
Thank you.
--SA
Mohibur Rashid at 23-Sep-12 20:56pm
   
It's a fact that you can always create a service both in Linux and Windows to lock a file. But OP doesn't want his file to be deleted even by the administrator. I also don't think the admin will like the idea of losing control of the system either. If the machine has multiple admins, then the suggestion would be don't give your admin password to everyone around you. And the admin must know about OP's application. As well as OP must think about a backup procedure at a regular interval. Because even if the admin is smart enough not to destroy your important things, OP's machine can fail. The hard disk can be corrupted. So in summary, I still think there is a better way to develop the application where nobody needs an option of "No one can delete"
Sergey Alexandrovich Kryukov at 23-Sep-12 21:04pm
   
What can I say? You should follow strict logic and understand that there is no such thing as a miracle.
I just answered your question, and answered in full, because everything else is just permissions the admin can change.
 
"Nobody needs an option..." is probably the best approach, but remember that you did not describe your ultimate goal, so a different approach could not possibly be advised. I think you should review your general approach. And accept this answer formally (green button)...
--SA
Mohibur Rashid at 23-Sep-12 21:14pm
   
I didn't ask :) the question hehehe..
 
Besides I gave you a +5 for your answer
Sergey Alexandrovich Kryukov at 24-Sep-12 0:17am
   
Thank you, Mohibur.
Sorry, I replied to you as to OP by mistake...
--SA

Solution 2

Your problem cannot be resolved through technical means. It requires a management control too.
 
You need to have a good logging/monitoring mechanism. This will support management controls.
 
Creating a good logging mechanism is out of scope of a quick answer :)
 
Some ideas:
1. Log to a remote computer where local administrator doesn't have access.
 
2. Use Hardware security modules and store signature keys there. Then use them to sign access logs. In this way administrator cannot change signing keys and hence cannot delete/modify the logs undetected.
 
3. Configure Windows security logging appropriately.
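Ideas 1 and 2 of Solution 2 combined, as an added example that is not part of the original answer: each log record is chained to the previous one and signed, and the latest tag is also kept on the remote machine. Assumptions: HMAC-SHA256 with an in-memory key stands in for the HSM signing operation (a real HSM would typically sign with a private key and verification would use the public key), and all names (`Signer`, `append`, `verify`, `remote_head`) are hypothetical.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as "previous tag" of the first record

class Signer:
    """Stand-in for an HSM (assumption): the key never leaves this object."""
    def __init__(self, key: bytes):
        self._key = key
    def sign(self, data: bytes) -> str:
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()

def _payload(seq: int, event: str, prev: str) -> bytes:
    # Canonical encoding so signer and verifier process identical bytes.
    return json.dumps([seq, event, prev], separators=(",", ":")).encode()

def append(log: list, signer: Signer, event: str) -> str:
    """Append a record chained to the previous tag; return the new head tag.
    The caller ships the head tag to the remote machine (idea 1)."""
    prev = log[-1]["tag"] if log else GENESIS
    seq = len(log)
    tag = signer.sign(_payload(seq, event, prev))
    log.append({"seq": seq, "event": event, "prev": prev, "tag": tag})
    return tag

def verify(log: list, signer: Signer, remote_head: str) -> str:
    """Return "ok" or a description of the first inconsistency found."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev"] != prev:
            return f"chain broken at record {i} (record removed or reordered)"
        expected = signer.sign(_payload(rec["seq"], rec["event"], rec["prev"]))
        if not hmac.compare_digest(expected, rec["tag"]):
            return f"bad signature at record {i} (record modified)"
        prev = rec["tag"]
    if prev != remote_head:
        return "head mismatch (log truncated or replaced)"
    return "ok"

def demo() -> str:
    # Constructed sample events; a local admin then removes the middle record.
    signer, log, head = Signer(b"constructed-demo-key"), [], GENESIS
    for event in ("login user=clerk1", "post txn=1001 amount=250.00",
                  "delete file=ledger-2012-09.dat"):
        head = append(log, signer, event)
    del log[1]
    return verify(log, signer, head)

if __name__ == "__main__":
    print(demo())
```

The local administrator can still delete or edit the log file; what changes is that the auditor holding `remote_head` sees it on the next verification.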

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Last Updated 25 Sep 2012