Information Security
avorontsov, 2015-08-28 16:33:43

Complex systems for protecting information between the database and the user?

Let me explain: there is a large database on the local network with a beautiful client and limited access rights (etc., with features, not self-written, not Russian), where you can double-click on a document / drawing / firmware / video / mkv / mp3 / disk image / %smth_else%, and this object will be downloaded to the local computer in %temp% and opened in the desired application/CAD.
How can we make sure that this object cannot be obtained in any way from %temp% in order to be copied / stolen? That is, allow only certain processes or programs to open certain files, and delete them instantly after work.
Yes, we turned off flash drives, thought about everything in the world, that the user can take a picture of the screen, take a cast, torture the admin, etc. But at the moment the question is whether there are software kits to fully protect the connection between the database and the user's application.
Some information about the network. Active Directory, all win 7 prof. The priority is the fastest possible implementation.


2 answer(s)
Andrey Ermachenok, 2015-08-28
@eapeap

will be downloaded to the local computer in %temp% and opened in the desired application/CAD

The client will work with the file in, say, CAD, save the modified file in %temp%, and then the modified file will be uploaded to the database as a new version?
For such work, the file, as well as assembly units, etc., must live in %temp% and be available to the CAD program. And in any CAD program you can "Save as".

DastiX, 2015-08-30
@DastiX

The initial conditions are poorly described.
My guess is the following:
1. There is a database, there is a client. You cannot edit their code.
2. The client uploads files to the workstation directly from the database to temp.
3. You need to exclude the possibility of copying these files.
If all this is true, and (!) the temp folder can be configured in the client, and only the admin can do this (!), then write your own launcher that launches the program you need as a privileged user who has rights to the reassigned temp folder. Other users do not have access to it.
It turns out that your program and the user's Explorer are executed in different ACL contexts and do not have access to each other.
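
A sketch of the setup DastiX describes, added here as an example and not code from either poster: it locks the reassigned temp folder to a dedicated account, verifies that no other principal has access, and starts the client under that account. The account name, folder and client path are hypothetical placeholders, and it assumes the client's temp location has already been pointed at that folder.

```powershell
# Placeholders (assumptions, not values from the thread)
$Account   = 'CORP\svc-pdmclient'                     # dedicated account the client runs as
$TempDir   = 'D:\PdmTemp'                             # folder configured as the client's temp
$ClientExe = 'C:\Program Files\PdmClient\client.exe'  # hypothetical client executable

# Work with SIDs so the script behaves the same on localized Windows builds.
$sidType    = [System.Security.Principal.SecurityIdentifier]
$accountSid = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType).Value
$allowed    = @($accountSid, 'S-1-5-32-544', 'S-1-5-18')   # account, Administrators, SYSTEM

# 1. Run once, elevated: create the folder, drop inherited ACEs, grant explicit ones.
New-Item -ItemType Directory -Path $TempDir -Force | Out-Null
& icacls $TempDir /inheritance:r | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls could not remove inheritance on $TempDir" }
& icacls $TempDir /grant:r "*${accountSid}:(OI)(CI)M" '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls could not set the ACL on $TempDir" }

# 2. Verify: any Allow ACE for a principal outside the list means the folder is
#    still readable from the interactive user's context (e.g. a pre-existing ACE).
$unexpected = (Get-Acl -Path $TempDir).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($allowed -notcontains $_.IdentityReference.Translate($sidType).Value)
}
if ($unexpected) {
    $unexpected | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize | Out-Host
    throw "Unexpected principals still have access to $TempDir"
}

# 3. Launcher: start the client under the dedicated account.
#    Get-Credential prompts for the password; a real launcher needs its own
#    protected way of holding that credential.
$cred = Get-Credential -Credential $Account
Start-Process -FilePath $ClientExe -Credential $cred `
              -WorkingDirectory (Split-Path -Path $ClientExe) -LoadUserProfile
```

The dedicated account's write access elsewhere still matters: as the first answer notes, the CAD application can "Save as" to any location that account is able to write to.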
