Google Answers Logo
View Question
 
Q: Restricting document access ( Answered 3 out of 5 stars,   2 Comments )
Question  
Subject: Restricting document access
Category: Computers > Programming
Asked by: thierryf-ga
List Price: $50.00
Posted: 08 Jun 2003 17:15 PDT
Expires: 08 Jul 2003 17:15 PDT
Question ID: 214852
I would like to achieve in a sense what ftp provide. Users cannot
acces the document directly, but can do it via an ftp software. In
other words, the documents are fully protected from intruders unless
you have proper ftp access rights!

I have tried to build my own ftp access right, which was successfull
to some extend, but unfortunately, the various tool I tried did not
provide proper time i.e. no seconds, thus causing other problems!

Can you find me a software development tool (preferable in visual
basic!) that will allow me to access file if I have access rights to
them. I don't want the files to be accessible in anyway through MS
Explorer, or any other way. The only way it should be accessible is
via this software by providing a user name and password.

This would the same as a client/server application where the database
reside on a server and is only access by the server. The server then
sends back the information to the clients. The only way people can
access the database information is via the client which has special
access rights to send message back and forth between the server.

I basically want the same thing with files! I don't want to go the
database way by the way. i.e. I don't want the files to be stored in a
database.

Thanks.

Thierry

Request for Question Clarification by endo-ga on 08 Jun 2003 17:45 PDT
Hi,

What was the problem with the FTP server? You mean the server could
not log the time in seconds of when a user logged in or when a file
was created?

I have a few proposals for you, let me know if you like any of them.

You could set up a VPN service on your server, enabling file sharing
then create accounts for your users, on the server, they would then
need to connect using VPN to the server to see their files.

You could try off the shelf systems such as:
Filetopia, which seems interesting and is free
http://www.filetopia.org/home.htm

File Sharing for net, which is very cheap
http://www.minihttpserver.net/fbbs/index.php

Fileway, which is exactly what you want I believe, but is pretty
expensive
http://www.fileway.com/faq.htm

Please let me know if this is going in the right direction and I'll
research it more.

Thanks.
endo

Clarification of Question by thierryf-ga on 08 Jun 2003 18:19 PDT
Here is what I'm trying to achieve and where the problems occured.

Imagine a windows based application that list a certain amount of
documents. I provide a check-in/check-out facility! At the moment, the
software is using a specific path like z:\abc\document, which means a
malicious user could simply go to the z:\abc folder and delete all
files. So I decided to try it with ftp, but here is the problem I was
face with

Date/Time on Server : 13:40:54
Date/Time on Client : 13:30:33

So if I send an ftp command accross to download a file, it is download
in a local folder (cache!) on the client's pc. So a file that has it's
time set on the server as 13:40:00 will be downloaded to the client
and its time will be set to 13:30:45. So to rectify this, I do a
listing via ftp, get the file's information from the server and then
set the date on the file that was just downloaded, thus setting it to
13:40:00. Now if I edit this file and save it, it's time will be set
to 13:32:55. If I try to compare the date between the cached file and
the server, it will fail as the time on the client is smaller than the
one of the server! That's problem number 1 explained! I think!!!

The other problem is that if the client and server are failry close
with their time, even if by the time the client is finished editing at
13:43:10, it will uploaded it, but it seems that the time on the
server will be set to 13:43:00. So if a user downloads the file via
ftp, makes a very quick modification, and uploads it again, the time
will still be reset to 13:43:00 even though it may already be 13:43:35
on the client's clock! Now another user does the same and his clock
now set the time to 13:43:55, and once uploaded the time will set back
to 13:43:00. Now if the original user tries to downloaded it again, it
will fail as the time will be 13:43:10 on the cache and 13:43:00 and
yet another user has made a quick change on it since!

I hope this helps! I will look at the links now! Thanks for the quick
responses!

Thierry

Request for Question Clarification by pafalafa-ga on 08 Jun 2003 18:22 PDT
I read your question over several times and began to suspect that your
needs might be met by some sort of encryption program, rather than an
proprietary file share system.

Is that on the right track?  If so, I'm sure that I -- or one of the
other researchers here -- could track down the appropriate software to
suit your requirements.

Let us know.

Request for Question Clarification by endo-ga on 08 Jun 2003 18:28 PDT
Hi,

Thanks for the clarification, from what I understand, is that you want
to be able to modify files and be able to keep track of versions,
maybe for some kind of software development?
If so, I think you should be looking at a CVS based solution.
http://www.cvshome.org/
This is the system that is used on http://www.sourceforge.net and
allows developers to work separately on files.

Hope this helps.

Thanks.
endo

Clarification of Question by thierryf-ga on 08 Jun 2003 19:20 PDT
Hi again,

It is a bit of both! It is hard to explain!! I'm willing to undertake
the version control, but if it comes with the toolkit, I have no
problem with it! It has to be a windows based toolkit and must be
usuable in visual basic.

Does csv do that? Ideally if it provides a way to do this via ftp or
http to do that, perfect!

I don't know if I want encryption! I really want protection of files!
CSV seems to be based for developers, but can this be integrated into
a visual basic project and will it work with any file type rather than
just development files?

Encryption would just restrict viewing of these documents, whilst
protection would restrict users from deleting them! Imagine if the ftp
solution worked, the files would be perfectly kept away from users,
and yet you could download the latest version from the server and
upload it back!

Thanks.

Thierry

Request for Question Clarification by endo-ga on 08 Jun 2003 20:54 PDT
Hi,

The version control is totally automated in CVS, you just upload the
files and it takes care of it.

I know CVS can be done through FTP, not sure about HTTP, but this is
probably possible as well, also any file type can be used.

You can integrate Visual Studio with CVS by using:
http://www.jalindi.com/igloo/index.html

You can find a tutorial to CVS by looking at: 
http://cvsbook.red-bean.com/

I'll keep on looking for more information and keep you posted on
Monday.

Thanks.
endo

Request for Question Clarification by webadept-ga on 08 Jun 2003 21:24 PDT
Why didn't you just intergrate a time server with your orginal setup? 

webadept-ga

Clarification of Question by thierryf-ga on 09 Jun 2003 16:07 PDT
Hi,

Can you expand on time server? As well, if it is what I understand,
how to overcome the problem related to editing within seconds as when
FTPing accross back to the server, the seconds seems to always be set
to 00.

Thanks.

Thierry

Request for Question Clarification by endo-ga on 09 Jun 2003 16:15 PDT
Hi,

I think he means run a time server on your server so that all clients
are synchronized to the same time.

For more information:
http://www.ntp.org/
http://www.boulder.nist.gov/timefreq/service/its.htm

Hope this helps.

Thanks.
endo

Request for Question Clarification by webadept-ga on 09 Jun 2003 18:29 PDT
You said ----
So if I send an ftp command accross to download a file, it is download
in a local folder (cache!) on the client's pc. So a file that has it's
time set on the server as 13:40:00 will be downloaded to the client
and its time will be set to 13:30:45. So to rectify this, I do a
listing via ftp, get the file's information from the server and then
set the date on the file that was just downloaded, thus setting it to
13:40:00. Now if I edit this file and save it, it's time will be set
to 13:32:55. If I try to compare the date between the cached file and
the server, it will fail as the time on the client is smaller than the
one of the server! That's problem number 1 explained! I think!!!
----

and it hurt my brain.. ouch. :-) 

Okay, so if both the server and the client were in sync with the time,
none of this would be a problem?

Endo already pointed you to the timeserver info. 

What I really don't get, or understand, is why this is a problem.
Instead of working with a "time" on a client, one option would be to
just work with the existing time as a starting point for a "time
counter". Send back the amount of time the client had the file, rather
than the real time. Simple math there.

Better is to use a timeserver though and check that from inside the
client software. Because the user can set his/her clock to anything
they want, but if you check a timeserver from inside the software,
then you will have the correct time no matter what the clock on the
client says. Correct time being, the same time as the server.

Your server logs don't register the client's timestamp. I don't
understand that at all. If I send your server a file and my client's
time says 1978, your server is going to log it as coming in at the
server's current time through FTP and nothing short of a real hack is
going to change that.

So are you passing this file information to the server along with the
checked-out file? or what? and if so, how? Are you using an XML
stream?

I have a sneaking suspision you are working way to hard at this. Is
there a way you can let the researchers know a little bit more about
your transfers?

Right now this is what I see. 

Time 12:00 noon PST

client request axt.doc file 
client time is set at 12:05 , server records the transfer at 12:00
client FTP program requests timeserver time from server, sets file
request axt.doc at 12:00 noon. completed transfer of file at 12:06:34

14:00 PST
client sends back file with changes
client time is 14:20
client FTP's file
server records transfer at 14:00 it's current time. 
client request timeserver time 
client records PUT transfer at 14:00 PST with completed transfer of
file at 14:02:35

If you noted this as ServerTime, it would work out just fine, and let
the client note that there is a difference between the server and
their computer's time, and that this difference is being taken into
account on all transfers.

Anyway, I just read the question last night and thought that you might
be missing some simple, well tested solutions for this, and if so, I
would drop the hint for you. All of this thinking is based on the idea
that you developed the FTP client yourself in VB or something. If that
is the case, then these ideas added would solve your problems.

webadept-ga

Clarification of Question by thierryf-ga on 10 Jun 2003 18:13 PDT
Hi webadept-ga (and all the rest of you of course!),

I'm glad to hear that I'm not the only one with a sour head after all
this! Now to try to give you a simplier version of what I want to
achieve:

1. if file does not exists on server, copy file from client to server.
2. if file does not exists in cache, copy file from server to cache.
3. if file exists on server, only copy file to server if newer in
cache.
4. if file exists in cache, only copy file to cache if newer on server

I hope that clarifies what I'm trying to achieve.

If the server and the client are synch with the time, it does not
resolve my problem! Why? Because the seconds are always set to zero on
the server! This seems to be the case with 2 various toolkit I've
looked at! I assume this must be normal behaviour for ftp toolkit &
ftp in general!

So if a new file is uploaded at 13:45:29 (server time!), it's time
will be 13:45:00.

Before I go any further with your various suggestions, how do you
suggest I handle this scenario?

User1 : Upload file to server at 13:45:04 (server time). Time is set
to 13:45:00 by ftp toolkit!

User 2: Downloads same file at 13:45:25 (server time). When downloaded
it will be set to 13:45:00 by ftp toolkit!

User 2: Edits and upload file back at 13:45:46, but time is set to
13:45:00 by ftp toolkit!

User 1: tries to Download the file again, but fails as time and date
are the same between file in client's cache and file on server. i.e.
13:45:00

Is the explaination of my first problem clearer? I know this scenario
is extreme and is unlikely to happen, but I want to have a 100% solid
solution.

Let me know if I'm still not clear???

Thanks. 

Thierry

PS: Please note I'll be as generous as tip allows me to be to have a
solution to my problem! I don't want any of you guys to think I'm
wasting your time and going around in circle! All the help is greatly
appriciated!!! Thanks again. T.

Request for Question Clarification by endo-ga on 10 Jun 2003 18:24 PDT
Hi,

Why not just create your own version control system. Where when you
download a file, it assigns a version number to it, and when you
upload a file, the version is incremented.
Scenario:
1-) file on server is version 1.0
2-) user 1 downloads file
3-) user 2 download file
4-) user 1 uploads modified file, file on server is version 1.1
5-) user 2 wants to upload file, his version is 1.0 version on server
is 1.1, it has been modified since he's downloaded it

If that is on the right track, you could do this easily by just having
a database with 3 columns and each file takes a row. You would have:
filename, version, date (optional but could be useful)

What do you think?

Thanks.
endo

Clarification of Question by thierryf-ga on 10 Jun 2003 18:52 PDT
Hi Again,

I just ran through my application again, and saw the following which
is partially creating the problem:

When uploaded to the server, the file's date and time for the 'create'
and 'modified' are actually set correctly including the hours, minutes
and seconds contrarely to what I previously said! The problem occurs
when downloaded from the server to the client! The server listing only
lists the time as hh:mmAM/PM without seconds, thus causing the time
problem. So going back to my example, a file is uploaded at 03:04:35
(server time!). So far so good, but when downloaded to the cache the
ftp listing comes back as 03:04AM, thus dropping the seconds, thus set
to zero. Even though no editing has been made, when comparing the
cache file and the server, they will look identical! I hope this is of
some help!

Thanks.

Thierry

Request for Question Clarification by endo-ga on 10 Jun 2003 19:25 PDT
Hi,

I am able to reproduce the behavior you suggest and also found an
option in my FTP client (FlashFXP) to keep server file time on
downloaded files. Although this solves the problem of clients having
completely different times to the server, it doesn't solve your
problem with the seconds.

If you want to stick with FTP, you would have to either write an
extension to it to allow it to take seconds into account, or try what
I mentioned, which is keep track of versions.

Thanks.
endo

Request for Question Clarification by endo-ga on 11 Jun 2003 05:22 PDT
Hi again,

I'll go into a bit more details of my proposed solution to your
problem.

1-) Alongside your FTP server, you run a database with 2 tables.

2-) Table 1, will have 3 columns: filename, version, date
created/modified
Primary key: filename
Table 2 will have 4 columns: username, filename, version, date
Primary key: username, filename

3-) Every file on the server is referenced to in table 1. New files
starting off with version 1.0. For example, you create a new file
called test.txt. You then add a row to the database that says:
text.txt   1.0   20030611130855
For YYYYMMDDHHMMSS, see http://www.mysql.com/doc/en/DATETIME.html for
example.

4-) When someone downloads a file, you add a row to table 2. For
example if user0 downloads file test.txt from the server with date
20030611130855 and version 1.0, you add the following row to table 2,
retrieving the information from table 1.
user0   test.txt   1.0   20030611130855
If that user has already downloaded that file, and not re-uploaded it
then you replace the version number and the date.

5-) When someone wants to upload a file, you check which version of
the file they downloaded by looking at table 2, then you compare this
to table 1. If
a)	table1.version – table2.version = 0, then the file hasn't been
modified by anyone since the user downloaded it.
b)	table1.version – table2.version > 0 then the file has been modified
by someone since the user downloaded it.

If a) then accept the upload and increment the version number and
delete the row from table 2.
If b) then warn the user that they downloaded version x.x modified on
date w and that the version on the server is version y.y modified on
date z. Ask them to make sure that they want to overwrite the version
on the server, if not, they should download the file again.


I hope this makes things clearer, if you don't think that this fits
your needs let me know and I'll try and find a better solution. In any
cases please let me know what you think. Thanks.

Regards,
endo

Clarification of Question by thierryf-ga on 12 Jun 2003 09:47 PDT
Hi,

Thanks all very much for the various answers! I really appriciate your
comments and help! Before I close this answer, I want to find out if
you have other suggestions other than FTP! Personally, I'm quite happy
going that way with the database integration! That sounds good to me!
But as I said, if you have any other suggestions other than FTP or a
better way to go about it, please let me know!

If not, I'll be happy to close the question!

Many thanks.

Thierry

Request for Question Clarification by endo-ga on 12 Jun 2003 09:54 PDT
Hi,

After everything you've described, it seems that the simple database
running alongside a basic FTP server would seem the easiest way. You
can obtain the same result using CVS, but this would be much more
complicated to implement and has other features you don't need.

If you are happy with these suggestions, can I post that as an
official answer before you close the question?

Thanks.
endo

Clarification of Question by thierryf-ga on 12 Jun 2003 16:31 PDT
Hi Endo,

You can post it alright!

Thanks again!

Thierry
Answer  
Subject: Re: Restricting document access
Answered By: endo-ga on 12 Jun 2003 16:41 PDT
Rated:3 out of 5 stars
 
Thanks for your question.

The simplest way to solve your problem would be to have version
tracking with a database as described above.

Just a small clarification:

If a) then accept the upload and increment the version number *in
table 1* and
delete the row from table 2.

I added the bit between the *s.

Hope this works out.

If you need any more help or any clarifications, please do not
hesitate to ask.

Regards,
endo
thierryf-ga rated this answer:3 out of 5 stars and gave an additional tip of: $100.00
The 3 stars are not because it was a bad answer from the researcher!
The help was fantastic! Thanks Endo once again and to all the other
researchers that have origianlly help! Reason I'm rating it a three,
is that I really thought that there would have been an easy to use
product that could be integrated and provide what I wanted without all
the hassle of having to deal with a database. What was explained, is a
good solution, but not the ideal one, so I'll have to go that way!
Once again thanks Endo!

Comments  
Subject: Re: Restricting document access
From: endo-ga on 13 Jun 2003 06:07 PDT
 
Hi,

I fully understand your reason for the rating, I'm sorry I couldn't
find something better to suit your needs.
Thank you very much for the extremely generous tip! Very much
appreciated for the start of summer. I hope you'll be using Google
Answers again. Thanks.

Regards,
endo
Subject: Re: Restricting document access
From: 4thepeople-ga on 16 Sep 2003 14:37 PDT
 
FTPsync
http://www.fileware.co.uk/

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy