禁用我的计算机上的特定文件上传？ [英] disable uploading for a specific file on my computer?

问题描述

如何禁用我的计算机系统上的特定文件的上传以提高保护级别。

有没有办法锁定文件？

How can disable uploading for a specific file on my computer system to enhance protection level.
Is there any way to lock file?

推荐答案

仅供参考，这些选项都没有真正保护文件，因为有办法解决他们都是。也就是说，如果您只是想让您的应用程序可以使用某个文件，并阻止其他进程/用户访问/使用它，那么这些选项之一可能有所帮助。



选项＃1 - 使用此选项，您可以将图像作为资源嵌入应用程序中，并在需要时将其从资源中拉出。如果文件需要是实际文件，则将其从应用程序资源中拉出并首先将其保存到文件中。然后在上传完成后删除文件。



添加资源：

http://msdn.microsoft.com/en-us/library/3bka19x4（v = VS.90）的.aspx [ ^ ]

检索图像：

http://stackoverflow.com/questions/2412810/how-do-i-retrieve-an-image-from-my-resx-file [ ^ ]





选项＃2 - 安装应用程序时以编程方式更改文件的权限。基本上，您在安装应用程序时以编程方式创建特殊的应用程序用户，并将文件的权限设置为该用户。当应用程序运行时，要访问该文件，您需要模拟应用程序中的特殊用户。 如果可能的话，我会避免像瘟疫这样的选项。



创建本地用户帐户：

http://support.microsoft.com/kb/306273 [ ^ ]

http://stackoverflow.com/questions/384304/creating-local-user-account-c-sharp-and-net-2 -0 [ ^ ]

更改文件权限：

http://support.microsoft.com/kb/899553 [ ^ ]

FYI, none of the these options will truly protect the file as there are ways around all of them. That said, if you are just trying to have a file available to your application and prevent other processes/users from accessing/using it then one of these options may help.

Option #1 - With this option you would embed the image as a resource in your application and pull it out of the resource when needed. If the file needs to be an actual file then pull it out of the applications resources and save it to a file first. Then delete the file after the upload is complete.

Add resources:
http://msdn.microsoft.com/en-us/library/3bka19x4(v=vs.90).aspx[^]
Retrieving the image:
http://stackoverflow.com/questions/2412810/how-do-i-retrieve-an-image-from-my-resx-file[^]


Option #2 - Change permissions on the file programmatically when the application is installed. Basically, you programmatically create a special application user when the application is installed and set the file's permissions to this user. When the application runs, to get access to the file you will need to impersonate the special user within the application. I would avoid this option like the plague, if at all possible.

Create local user account:
http://support.microsoft.com/kb/306273[^]
http://stackoverflow.com/questions/384304/creating-local-user-account-c-sharp-and-net-2-0[^]
Change file permissions:
http://support.microsoft.com/kb/899553[^]

要阻止文件，您需要在客户端执行过滤。

现在 - 任何客户端机制都可以很容易被愚弄，比如使用，从名称更改，加密，压缩，其他转换等。



所以你需要成为更具体地说明你需要完成什么，以便我们可以提供帮助。

大型系统通常使用的是 非军事区 [ ^ ]将接收传入的数据/文件/上传，并将决定内部网络中的内容等。



希望它是一个开始。欢迎您提供更多有关您需求的详细信息，我们可以为您提供更多帮助。



干杯，

Edo

To block a file you need to perform filtering on the client side.
Now - any client side mechanism can pretty much easily be fooled, like using, from name change, through encryption, zipping, other transformations, etc.

So you need to be more specific as to what you need to accomplish, so that we can help.
What large systems usually do is they use a "Demilitarized Zone"[^] that will receive incoming data/files/uploads and will decide what goes in the internal network etc.

Hope it's a start. You are welcome to provide more details on your needs and we can help further.

Cheers,
Edo

根据我在评论中对这个问题进行解释的原因，这根本没有意义。



我也解释了你能做什么，但是你的要求太模糊，无法进一步讨论细节。到现在为止，你应该得到主要想法。







你可能没有get，我在一个地方解释它。



首先，不加载文件本身不会提高你的安全性。



现在，您要过滤掉一些文件。但是遵循简单的逻辑：在上传文件并在服务器部分进行分析之前，您无法确定文件是坏还是坏。然后，如果不好，你可以删除它。



如果您不想在服务器部分执行此操作，则意味着您应该分析客户端部分上的文件。但是不要这样做，因为在客户端部分，恶意客户端可以轻易地欺骗你。那真是不安全。

-SA

It simply makes no sense, by the reasons I tried to explain in my comments to the question.

I also explained what you can do, but your requirements are too vague to discuss further detail. By now, you should get the main idea.



As you probably did not get, I'm explaining it in one place.

First of all, not loading a file won't itself improve your security.

Now, you want to filter out some files. But follow simple logic: you cannot determine if a file is bad or good until you upload it and analyze on the server part. Then, it if is bad, you can removed it.

If you don't want to do it in the server part, it means that you should analyze the file on the client part. But don't do it, because on client part the malicious client can easily trick you. That would be really unsafe.

—SA

这篇关于禁用我的计算机上的特定文件上传？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！