Proof-of-concept: Password protected files and folders
Purpose for this proof of concept is to get a working version of password protected files and folders. It is still undecided wheather this feature will be available in SkyOS/final.
I'm currently working out a way to make password protected files and folders possible.
A few thoughts:
- All non-admin users can assign passwords to files or folders inside their home directory
- When the user tries to access his password protected file or folder, a message is sent to the 'password service'. This service will then popup a dialog telling the user which application tries to access which password protected file/folder and asks for the password.
A sucessfull authentification will be remembered for this application, meaning the future request will automatically be allowed. (until the application is closed)
- Only files/folders inside your home directory can be password protected. This is to prevent users from for example password protect the /system folder which will immediately make your system unusable.
- The required hooks will be implemented directly in the open/close/opendir/readdir/stat/unlink/... functions. Because of this, every application will make use of this password protection. Indeed, a application is not able to workaround this. For instance, when you browse to a "bad" site using a web browser which executes a script which tries to access such a password protected folder, the request will be immediately denied and the user will be asked if he wants to allow this by entering the password.
- The popup password dialog will have a counting timeout of lets say 15 seconds. If you don't enter the password and confirm this dialog in this time, the request will be denied automatically. Because of this it is possible to for example let a disk backup task run over the night without interrupting it and waiting endless time until you confirm the dialog.
- Implementation of libpwprot has started.
- Password protection service implementation started. Responsible for displaying the authentification dialog and doing the actual authentification for the kernel
- libpwprot.dll implementation started. libpwprot.dll is linked to the default SkyOS library and responsible for the communication with the Password protection service whenever a file operation failed with a -EACCESS error.
- Add support to the file properties dialog to actually assign a password to a file or folder
- Extende the kernel function Security_CheckAccess(...) function to fail on files which have a '.password' attribute and where the file is not on the application local 'white list'. The file gets on the 'white list' once the user entered the correct password for it