locked
Adding security over local storage package

    Question

  • I am downloading files on local storage so that my application uses them.

    I do download password protected zip files, I unzip them and show content in webview. Once unzipped, content can be opened by user if he browses folders to local storage and opens application package.

    But I don't want the user to be able to open them.

    How can I create application package with password over it? Is it possible?

    Thursday, July 31, 2014 10:00 AM

Answers

  • This is not a supported scenario as a Windows User can easily navigate to the Local Storage folders of his profile and see things in there.

    But this storage space is secured for each user on Machine in multi-user scenario, unless and until one has Admin rights (s)he can not see contents of that  folder for any other user on that  machine.

    As a work around there are few things you can do

    a) If it is just HTML and no other resource that you have then load it in memory from ZIP and set that HTML into WebView. In this way you will never leave unzipped files on user machine.

    b) Once user navigates away from WebView, delete those. As a backup plan on application launch and exit try to clean that folder. This way user will have only very few items to see in Local Storage. Not 100% secure for you though.

    Encryption will not be a good idea as it will complicate things for you.


    -- Vishal Kaushik --

    Please 'Mark as Answer' if my post answers your question and 'Vote as Helpful' if it helps you. Happy Coding!!!


    Thursday, July 31, 2014 1:30 PM
  • We don't have any capability for this right now.  Have you considered simply deleting the content when your application shuts down?

    You may also want to make the content available only on the web, with a no-cache header.

    Keep in mind that any content you pass on the wire to the client machine is going to be suspect to inspection.  There's very little you can do to prevent the information from being hacked/consumed once it's out there.


    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    Thursday, July 31, 2014 1:31 PM
    Moderator

All replies

  • This is not a supported scenario as a Windows User can easily navigate to the Local Storage folders of his profile and see things in there.

    But this storage space is secured for each user on Machine in multi-user scenario, unless and until one has Admin rights (s)he can not see contents of that  folder for any other user on that  machine.

    As a work around there are few things you can do

    a) If it is just HTML and no other resource that you have then load it in memory from ZIP and set that HTML into WebView. In this way you will never leave unzipped files on user machine.

    b) Once user navigates away from WebView, delete those. As a backup plan on application launch and exit try to clean that folder. This way user will have only very few items to see in Local Storage. Not 100% secure for you though.

    Encryption will not be a good idea as it will complicate things for you.


    -- Vishal Kaushik --

    Please 'Mark as Answer' if my post answers your question and 'Vote as Helpful' if it helps you. Happy Coding!!!


    Thursday, July 31, 2014 1:30 PM
  • We don't have any capability for this right now.  Have you considered simply deleting the content when your application shuts down?

    You may also want to make the content available only on the web, with a no-cache header.

    Keep in mind that any content you pass on the wire to the client machine is going to be suspect to inspection.  There's very little you can do to prevent the information from being hacked/consumed once it's out there.


    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.

    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

    Thursday, July 31, 2014 1:31 PM
    Moderator