Thanks Jonathan
The PC application (actually the Bank's Web application) lets the user choose
the file to upload from a directory he navigates to. It may as well be a mapped
IFS drive.
It's possible to grant (revoke) authorities for the file in the IFS but if the PC user
is able to select it for upload, he's able to copy it to his/her PC and read it as well
(so I'm told)
I could put the file into a password-protected zip file (easy), or encrypt it (difficult).
I've asked some technical persons at the bank, waiting for their answer.
Gad
date: Tue, 22 Aug 2017 11:09:17 +0000
from: Jonathan Wilson <piercing_male@xxxxxxxxxxx>
subject: Re: Secured txt file (Charles Wilt)
On Fri, 2017-08-18 at 09:04 +0300, Gad Miron wrote:
Thanks Charles
This is roughly what I had in mind
The issue is, how can I upload an IFS "Exclude All" txt file to the user's
PC and retain the "Exclude All" authority.
Gad
It seems that what you need involves a number of actors, and at various
stages different security constraints.
The weak link in all of this is that once the file is on the PC it is
no longer under anyone's control but the user(s) that have access to
that PC. If we assume that is acceptable, we can break the other stages
down.
To have control of the transfer by the i, there are a number of possible
ways to handle this... all with varying degrees of difficulty and
security implications.
If the PC has a "shared folder" this could be mounted on to the i and
then accessed directly by an application. I've never done this, so have
no idea how difficult it is or what is involved (I've done similar on a
home network between my lad's Windows PC and my Linux "server" come
workstation - we never change our passwords so the mount is scripted
with hard coded passwords. He also has access to a SAMBA folder on my
"server" - it works well enough.)
You could also set up an ftp "server" on the PC, and have the i ftp the
data across or use something else such as rsync over ssh, which
obviously would require ssh and rsync on the PC and the i (ssh on the PC
& i shouldn't be an issue, but I am unsure if there is a version of
rsync that runs under PASE or natively) or something like scp (if such a
thing exists on the i).
Now to the issue of exclude all on the i, yet still allow this to
work...
The term you're looking for is, program adopted authority. You have a
program (or more if you want a two stage process) that runs under a
profile that can do what it wants with the file but can be called by any
user or job that needs to run it/them.
When the, let's call it, creation program runs it creates a file in the
IFS in a directory that no other "lowly" user can access, it changes the
authority (or it's set at creation time) of that file to exclude all
other users and then dumps the data into it... when that is complete it
excludes read access to itself (1).
The transfer program comes along, using its adopted authority, and
changes the file authority so it can be read... it transfers the program
and changes the access authority back (1).
All that said, all of this is negated by every user that has enough
authority on the i to override the "lock out", including that user
profile itself. But it is possible to push the files if that is the main
consideration, with varying degrees of complexity and effectiveness.
Jon.
(1) I'm unsure if an owner of a file can do anything with that file, by
default even if it's specified it can't do something, or if it's possible
to make a file unreadable by itself. Obviously if it has ownership, it
can then just change the authority/access rights.
date: Thu, 17 Aug 2017 08:03:11 -0600
from: Charles Wilt <charles.wilt@xxxxxxxxx>
subject: Re: Secured txt file
If you remove all authority to the file, then the user won't be able to
pull it to the PC.
They have to have read authority to transfer it.
Your process could push it to their PC, but you wouldn't be able to run
that process under the user's ID; otherwise they would still need read
access.
You'd have to run the push under an ID that has read access and authority
to the user's PC.
Charles
On Wed, Aug 16, 2017 at 11:24 PM, Gad Miron <gadmiron@xxxxxxxxx> wrote:
Thanks guys (Charles, Jonathan, Tim, Jack and all others)
It is understood that a text file copied to a user's PC may be edited.
I'm looking for a way to remove all authorities to the file including read-only
so the user won't be able to open the file.
(and no, I can not upload an encrypted file to the bank - they can't ingest it)
TIA
Gad