PoC - Password protected files and folders

Submitted by Robert Szeleney on Sat, 2006-01-14 10:41.

Proof-of-concept: Password protected files and folders

Purpose for this proof of concept is to get a working version of password protected files and folders. It is still undecided wheather this feature will be available in SkyOS/final.

Progress:
I'm currently working out a way to make password protected files and folders possible.

A few thoughts:

  • All non-admin users can assign passwords to files or folders inside their home directory
  • When the user tries to access his password protected file or folder, a message is sent to the 'password service'. This service will then popup a dialog telling the user which application tries to access which password protected file/folder and asks for the password.
    A sucessfull authentification will be remembered for this application, meaning the future request will automatically be allowed. (until the application is closed)
  • Only files/folders inside your home directory can be password protected. This is to prevent users from for example password protect the /system folder which will immediately make your system unusable.
  • The required hooks will be implemented directly in the open/close/opendir/readdir/stat/unlink/... functions. Because of this, every application will make use of this password protection. Indeed, a application is not able to workaround this. For instance, when you browse to a "bad" site using a web browser which executes a script which tries to access such a password protected folder, the request will be immediately denied and the user will be asked if he wants to allow this by entering the password.
  • The popup password dialog will have a counting timeout of lets say 15 seconds. If you don't enter the password and confirm this dialog in this time, the request will be denied automatically. Because of this it is possible to for example let a disk backup task run over the night without interrupting it and waiting endless time until you confirm the dialog.

Update:

  • Implementation of libpwprot has started.

Update:
First screenshot:

Update:

  • Password protection service implementation started. Responsible for displaying the authentification dialog and doing the actual authentification for the kernel
  • libpwprot.dll implementation started. libpwprot.dll is linked to the default SkyOS library and responsible for the communication with the Password protection service whenever a file operation failed with a -EACCESS error.

Next steps:

  • Add support to the file properties dialog to actually assign a password to a file or folder
  • Extende the kernel function Security_CheckAccess(...) function to fail on files which have a '.password' attribute and where the file is not on the application local 'white list'. The file gets on the 'white list' once the user entered the correct password for it


voDjbfwm

bFbLsDv voDjbfwm

cphmNHM

sDDnSR cphmNHM

application

If possible, add the name of the application that is trying to access the file/folder and the name of the file/folder to the dialog. Otherwise you will get something like "Something is trying to access a protected folder"

thought so..

I'm pretty sure that this will be implemented.

Read the article again, it's

Read the article again, it's there :)

How about something like Mac

How about something like Mac OS X, where a dialogue box appears saying "Application X is trying to perform a function that requires Authorization" and then a drop down arrow which makes the window larger and displays what the application is attempting to open / do