如何使文件夹不可复制 [英] How to make folder uncopyable

问题描述

我有一个程序，解密一个zip文件，将其提取到一个秘密位置，然后在提取的文件夹中运行一个程序。我想确保没有外部程序可以将extract文件夹复制到另一个位置（秘密文件夹在程序完成后被删除）。

我已经删除了Windows资源管理器，使我的解密程序是一个总是在顶部程序，删除秘密文件夹，如果它被杀死（通过使用另一个隐藏程序解密程序开始）。我担心的是另一个程序可以观看进程列表，发现文件夹位置并执行副本。

是否有一种方法可以防止程序化复制目录，或者

查看 Directory.CreateDirectory（string，DirectorySecurity）

您需要创建 DirectorySecurity 对象封装所需的权限集。最简单的方法是创建一个拥有所需权限集的进程'userid拥有的模型目录（例如，只有我可以遍历这个目录或者查看甚至打开任何内容。一旦你这样做，使用 DirectorySecurity 构造函数重载 DirectorySecurity（String，AccessControlSections） 实例化 DirectorySecurity object具有相同的权限。

另一种方法当然是创建与上述相同类型的模型目录，并创建您的工作目录作为其子目录，继承父级的权限集。

至于安全地删除磁盘上的内容，请查看问题在.NET中分割文件

如果信息是敏感，你应该可以解密它到内存而不是磁盘。但你应该知道，这也不安全。最近的数据泄露目标的POS系统遭受的是由于定制设计的恶意软件从过程内存中收集纯文本信用卡和其他PCI /敏感数据。

I have a program that decrypts a zip file, extracts it to a secret location, and then runs a program in the extracted folder. I would like to ensure that no external program can copy the extract folder to another location (the secret folder is deleted upon program completion).

I have already eliminated Windows Explorer by making my decryption program a "always on top" program that deletes the secret folder if it is killed (by use of another hidden program that the decryption program starts). My concern is that another program could watch the process list, discover the folder location and perform the copy.

Is there a way to prevent programmatic copying of a directory, or if not, of a file?

解决方案

Look at Directory.CreateDirectory(string,DirectorySecurity)

You'll need to create a DirectorySecurity object that encapsulates the desired permission set. The easiest way is to create a model directory owned by the process' userid with the desired permission sets (e.g., "Only I can traverse this directory or see or even open anything in it."). Once you've done that, use the DirectorySecurity constructor overload DirectorySecurity(String, AccessControlSections) to instantiate a DirectorySecurity object with identical permissions.

Another approach, of course, would be to create the same sort of "model directory" as above and create your "secret" working directory as a subdirectory of that, inheriting the parent's permission set.

As far as securely deleting the contents on disk, look at the question "Shredding files in .NET"

If the information is that sensitive, you should probably be decrypting it into memory rather than disk. But you should be aware that that's not secure either. The recent data breach Target's POS systems suffered was due to custom-designed malware harvesting plain-text credit card and other PCI/sensitive data from process memory.

这篇关于如何使文件夹不可复制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！