0

I'm making a windows app with c# and I want the user of this app to be able to open files on another pc but I only want him to be able to open those files from the app.

The user gets permission to open files or not by his SQL user permissions on a table that contains the files info such as path and name.

I tried to share the folder that contains the files but now the user will be able to access the files without using the app if the user has the username and password of the shared folder, so I thought of encrypting the username and the pass of the shared folder but now I have to store the keys somewhere that is secure.

Any ideas?

Prajakta Kale
  • 392
  • 3
  • 19
Kerberos_666
  • 21
  • 4
  • 1
    Have you considered storing these files directly in the database, and removing this problem altogether? – Moo-Juice Oct 22 '19 at 10:51
  • Yes i considered that and i tried to search for how to open the files from sql but i couldn't find a way. – Kerberos_666 Oct 22 '19 at 10:53
  • 1
    Well, you didn't search very much :) https://stackoverflow.com/questions/2579373/saving-any-file-to-in-the-database-just-convert-it-to-a-byte-array – Moo-Juice Oct 22 '19 at 10:54
  • Storing files in a DB can be done, but isn't exactly the most scalable approach. If many files of any size are to be stored there, the DB is going to become very large very quickly. You could deploy an FTP server on the same machine that is running your DB, and allow only users of you app on it, then download those files from there. This would prevent shared windows folders and files could be stored outside of the DB. – r41n Oct 22 '19 at 11:31
  • But to access the files through ftp you have to enter the username and password of the ftp and i don't want the user to know them because i want the user to only access the file through my app – Kerberos_666 Oct 22 '19 at 12:06
  • If i decided to delete any user from the database he could still access the files because he knows the username and password of the ftp – Kerberos_666 Oct 22 '19 at 12:07
  • @r41n as OP is using SQLServer, he can use the `FILESTREAM` column type to store the file, and that is perfectly scaleable. – Moo-Juice Oct 22 '19 at 14:28
  • @Moo-Juice you are obviously right. It just sounds to me as the OP wants to share files with clients but allow it only through this app. My point was more to simply avoid the DB altogether, to also avoid loading redundant file copies inside the DB just to share them. – r41n Oct 23 '19 at 08:30

0 Answers0