...locked folder content is visible by others on network...

Started by p3t3r, September 15, 2010, 12:54:13 AM

Previous topic - Next topic

p3t3r

Hi,

Yes, I can lock a folder on my NAS, however the content is visible on other computers on the network, so Espionage is totally worthless when used on a NAS (Network Attached Storage) a.k.a. external harddisk which is connected to an internal network. For example, another mac or even Windows7 PC can view the content on the folder, which is ONLY locked on my mac which is running Espionage, the other computers do not have Espionage installed.

Bug? ...locked folder content is visible by others on network?

Please advise.

Regards,
P3t3r.

greg

Is the folder encrypted or are you using no encryption for it?
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

p3t3r

no encryption, because the folder on the (Synology) NAS contains a lot of video material.

greg

OK, I think I see what the problem is.

I just tested accessing a non-encrypted Espionage'd folder on another computer via Apple File Sharing, and as expected, I wasn't able to access the folder. Espionage will prevent access to networked users to protected folders for the machine that it is on. Espionage can only protect folders on the machine it's installed on. If your NAS is just a drive on the network (and doesn't represent a Mac with Espionage installed on it), then an instance of Espionage installed on another machine cannot protect the non-encrypted folders on that NAS from a remotely connected Mac. This is because the NAS is actually being managed by another machine/OS (that does not have Espionage installed), not the remotely connected computer, which is just acting as a client.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

p3t3r

...so Espionage is totally worthless when used on a NAS (Network Attached Storage) a.k.a. external harddisk which is connected to an internal network. What a dissapointment. I have bought MacUpdate especially because of Espionage and it now seems to be a Pie in the Sky, a false promise.

greg

I'm sorry to hear of your disappointment, however, I think calling Espionage a "false promise" because it doesn't work in this esoteric scenario is a tad extreme... especially considering that Espionage is not being used in this situation to protect the folder. For Espionage to protect the folder, it must be running on the system that's in charge of the drive, and in this case, it is not (the crux of the problem). You also had the opportunity to try out Espionage before purchasing the bundle.

Espionage does work, for example, when used on an external drive attached to a Mac, when connecting to that drive through the Mac via Apple File Sharing (AFS).
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!

Just Felix

Greg, this is not an esoteric scenario, but a very common one: imagine the following common instances:
a) A network home directory (something that OS X Server currently supports), where a user can login with the same credentials from different client iMac-s and regardless of the machine, he gets this home folder mounted from the OS X Server (see http://www.apple.com/server/macosx/feat ... aring.html)
b) A folder on another Apple OS X computer that two or more people want to share
   b1) Tax folder in your screen-shot: what is my wife, using her iMac, not mine, wants to look something up?
   b2) Firm, project file on file server (let's say OS X Server) to be accessible only by some team-members (think of a law firm, or an accounting firm, for example)

These situations are very common and it would be great is Espionage could be improved to work under such scenarios.

Just laying out some ideas, why the encrypted container cannot be stored on the same drive (local or network drive) as the folder being accessed, and the locally installed Espionage (on the client OS X) would not just provide the logic to access it? Manually, these scenarios can be already achieved today using TrueCrypt containers (http://truecrypt.org). With my limited programming knowledge, perhaps all you would need to do would be to hook up the API calls to open a network folder (at least for the AFP protocol). I know that is easier being said than done, all I want to do is to stimulate the discussion.

Is this impossible to do technically, in your opinion?

Thank you

greg

Quote from: "Just Felix"b) A folder on another Apple OS X computer that two or more people want to share

This is possible, as I mentioned, by using apple file sharing (AFS). When a folder is unlocked on one computer running Espionage, you can connect to that computer over AFS and the unlocked folder will appear as a mounted volume/drive.

What is not possible is remotely unlocking a folder from another computer. For example, if you have someone's home directory mounted on your computer, and they have Espionage installed, you cannot double-click on one of their locked folders and expect a password prompt to appear on your computer. This is just technically not possible with the way Espionage currently works, and would be extremely difficult to implement.

You could, however, connect to their computer both over AFS and use Apple's Screen Sharing to remotely unlock the folder, that is doable. You would use Screen Sharing to unlock the folder first by controlling their computer remotely, and then using AFS to transfer any files you need.

Again, Espionage will only work on the computer that it's installed on and for the folders that are under its control.
Follow @espionageapp@twitter.com or @espionage@mstdn.io for news and updates!