Is it possible to protect desktop applications cached files using bit locker - bitlocker

Can i create a partition on my harddrive and then put bilocker encryption on it and then some how setup my desktop windows application such that it can access that drive but at the same time no user or atleast no user without admin privileges is able to see the contents of that drive,
But my desktop application should be able to access the bitlicker drive data irrespective of which user has logged in the system,
I have already looked into bit locker and how it encrypts and decrypts files but no where i have found a bitlocker API for using it within some othet app. Now I doubt if its even possible with bit locker to be used in this way

It is impossible to access bitlocker from another API. If there was another option, BitLocker security would have compromised. Microsoft has left no ways to open it. You may get some folder lock applications but they will also not allow you to set a program to access files within the folder when its locked. But you can try googling this, it will serve the purpose. Bitlocker is highly encrypted, in case you lose your password and key and there is no backup, there is almost impossible to access that part of your drive.
Hope that helps!

Related

Access text file content from USB storage automatically from a server

I want to read the content of a text file (serves as a key) stored inside a USB mass storage automatically when the user is authenticated by his matching username and password for that website. It's like the textfile(key) is the extended authentication.
I think this needs to can be done by a (1) native program? or an (2) applet? What do i need to study? Can someone give me an overview for the process to make this possible?
Quite good in web tech but not with native app.
You cannot access USB mass storage devices through chrome.usb as they are claimed and handled by the host operating system.
Instead you could use the chrome.fileSystem API, but the user will need to select the file. Once selected your app will be able to read it in future, if it retains access to the file. See the API documentation for more details.
If you want this only for Internet Explorer, You can create an Active X. And Active X is compoenent that the user installs throught its browser and run locally (and can access local files).
Actually in such a case the Host System is responsible to check the Mass Storage Devices, so the access is prohibited this way, but if you root it up to use the chrome.fileSystem.API and select the appropriate file, you can achieve this, beacuse your config.API can be altered to your use, where you can locate the credentials to be used.(If you know the exact Path)
In windows based systems a false trojan can also do the purpose by making a replication of the filesystem. Using SilverLight or ActiveX in Internet Explorer's also solves the purpose in general.
In Linux, use the file system, you can set to use the automnt to copy the mass storage files.
Why not try building a .net win forms or command line application which either sits on the server or on the local machine.
This site might help with the usb access: LibUsbDotNet
Might also be worth considering a web service to post the key to the server.
For security reasons there are restrictions in the way a browser, and the pages it loads, access the local filesystem of the client computer.
Is it safe to assume you only require this to work on a specific browser? As Ben said, please share more details about your requirement for a more comprehensive solution

vb.net db application - deployment

developed a win. form vb.net db app that uses an access.accdb backend. I am struggling to find the best deployment strategy. In the past, I have distributed the .exe and access.accdb from the /bin/debug folder. This works, but Im not sure if it's the best method.
this db app. will be used by 5-10 ppl, non-simultaneous
my current plan is to put the .exe and access.accdb on a network share drive, users will launch from network share
users do not have admin privs, the computers have strict security settings
I have noticed that when launching the .exe from network share, you get the unknown publisher warning; this message does not appear when launching from local drive. Due to users security restrictions, I know that simply hitting 'continue/run' on the publisher warning is NOT an option. There is no 'continue/run' button.
So, I assume I have to buy a code signing cert and strong name sign the assembly?
I also read here http://msdn.microsoft.com/en-us/library/142dbbz4%28v=vs.80%29.aspx that clickonce deployment does not require admin privs, and can be launched from network share and ran from cache.
In this case, I buy Authenticode cert and sign the clickonce manifest?
Any advice?
edit
I left out a key function of the app that will affect deployment.
Users can select files and upload them. The basePath/filename is stored in the db. uploading and retrieving the file via openFileDialog and datagridview.cellContentClick is all relative to where the .exe is launched from (application.startupPath). I didn't want to hard code full paths into the db, because I'm sure it will be moved, (both app and files) over time to a new location.
ClickOnce deployment is the way to go here.
You do not have to buy anything, you can self sign your assembly with a strong name.
This should be fine for an internal application

Prevent Isolated storage deletion Silverlight 4 OOB

I have developed one OOB SL4 applicaton for a food chain, and it stores outlet bills locally in isolated storage, and these bills gets uploaded when Internet connection would be available. All is working fine.
But I have seen that if I open silverlight configuration dialogue->isolated storage, can delete the isolated storage of the application. So If there are 1000 bills are pending to upload gets deleted.
Is there any way to prevent the same?, I don;t think so , I know My documents is one more place, but I am looking for alternate way to store data safely?
I tried the Comtoolkit but seems that behaviour is not consistent and not production quality code
As #NestorArturo states it seems there is no configuration to prevent this.
However, an alternative, for an out of browser application is to use the file system.
File system access. Trusted applications can access System.IO types
and related types that are otherwise unavailable to Silverlight. These
APIs provide direct read and write access to files in user folders on
the local computer. For more information, see How to: Access the Local
File System in Trusted Applications.
A third alternative is to write your own COM component; via this technique, you can gain full access to the system.

Is it possible to save per application settings without admin rights (cross platform)

I want to write an application that saves some shared settings on the local computer. But the problem is that anyone, including guests, should be able to use it.
So if a guest runs this application, it should be able to write data to persistent storage where everyone has r/w permissions.
The application can be launched from read-only media. So executable local files are off limits.
Do modern OSes support such scenario? Windows is supposed to have "All Users\Application Data", but it seems to be a junction point of some sort on W7, with weird permissions.
No idea about Linux and Mac at all.

Login logistics

I'm writing a suite of applications that all require login to a server. It's come together quite nicely, but I've run into a logistic snag. The nature of the applications require that they be closed and launched again later with some frequency. It is very annoying to have to login every time one of the applications needs to launch.
I'm trying to think of a secure way of perhaps having the login information stored on the local user's machine. Is there a good way to even go about that? Permissions protected config files? The registry? How does Firefox store its passwords? Have you ever had to do something like this?
The suite is more of a protocol than anything, all the applications are written in a variety of languages (Python, C#, Java, etc) and run on a variety of operating systems (Windows, Linux, OSX, etc). I'm not really looking for code examples, but more just general approaches to this problem. Is it wise to have locally stored passwords? How can you have a session login for a suite with such disparate components? Right now I use application.rc config files stored locally to each application, but they are plain text and far from secure.
I'm going with Jeff on this one and assuming that since you mention the registry, you're referring to Windows. I'm also going to assume that you're talking about a desktop application (otherwise you could just use the builtin browser cookies to store the user's session).
Off the top of my head, I'd engineer the application so that when the user logs in to the server, the server returns a unique session id that identifies the authenticated user. I would then store than id along with an salted/encryped timestamp (which gives you the option of expiring the cached credentials).
The storage mechanism is up to you. You could store them in the HKEY_LOCAL_USERS section of the windows registry, or the Application Data folder in Windows. Both give you the option of user segmented storage.
Typically, this sort of thing is done by use of a "cookie"; a key which (securely) indicates that the user has successfully previously logged in to the server resource. This is how most web sites manage login information, and Firefox (all browsers, really) store the cookies that the browsers set on the user login. A few important things about cookies: they should be encrypted, to assure that malicious programs cannot generate one and thereby bypass the login process, they should match to server-kept resources (same reason), and they should age out, so that while you can maintain login information on a site for a while, your login information is not permanent (which is another security hole).
Personally I would use an encrypted local config file with some sort of an ID value of the machine (motherboard ID, Chip ID, HD ID etc) as part of the encryption key so that the config file cant be just copied from one machine to another. I would also include the date and time so you can expire it when you decide it gets stale.
Alternatively, you can create a host exe or launcher that does the log in and then goes to sleep and wake it up each time you want to launch a new application. The host exe would take the application as a parameter and decide whether or not to ask for login credentials (usually when the first app is started and then keep the login user and an encrypted password in memory. When the host exe has exited the login info is forgotten and when you start up again the cycle starts over.)
Tomcat 6 supports persistence/replication of sessions, so you should care about choosing the manager and configure it ;-)
More info: http://tomcat.apache.org/tomcat-6.0-doc/config/manager.html