How to Securely store Temporary files in Windows, especially with Security Intrusion Prevention applications blocking the TEMP directory

帅比萌擦擦* submitted on 2021-01-28 04:58:00

Question


In the past many applications have stored temporary files in the Temp/Tmp directory, either the system's or the user-specific ones. Recently though we've had many users in enterprises where usage of the Temp directories is blocked due to virus scanning tools or Host Intrusion Prevention tools and policies not allowing usage of those locations. I think the fear here is that multiple applications can read and write from that location and so a rogue application could negatively affect another application or its temporarily stored data. This seems like a correct and more secure way to function, so I cannot ask that people begin allowing an increased risk.

My question then is How/Where to (physically) securely store User Specific, Application Specific, yet temporary files.

Should each application be expected to manage this themselves, or is there some new Application & User Sandboxed Temporary data store feature I am not aware of?

Specifically I am focused on using .NET 4.0+, C#, and Windows 7+, but the question should be applicable to other languages used on Windows as well.

Similar, but older and not specific enough threads

  • C# Best Practices: Writing "temporary" files for download: Place in application's environment folder or temp folder
  • Virus scanners locking and deleting temporary files - best way to cope with them?
  • Windows temp directory details (Java)
  • https://stackoverflow.com/questions/30547113/secure-temp-file-creation-within-temp-directory

The 1 answer of Encrypting the contents and file name does not seem like a Best Practice solution, and will still be blocked by the Host Intrusion Prevention System.


Answer 1:


The ApplicationData directory is indeed the right place according to MS guidelines to store app specific files, including temp files. However this doesn't necessarily solve your security problem. Whether or not it solves it depends on what the problem is.

Windows uses ACLs to grant/restrict permissions to file system directories. ACLs are specific to a user, a group, or a set of users/groups. They are not specific to applications. Suppose a particular user, Art, runs an app, Papp, and Papp stores its data in C:\Users\Art\AppData\Roaming\Papp. If Art runs Qapp then Qapp (unless run as a different user) has access to Papp's files.

Note that by default the environment variables TMP and TEMP are under AppData, so in security terms the ApplicationData special folder is no better or worse. (It is better than C:\temp and c:\tmp though).

If user Betty runs Qapp then by default Qapp won't have access to Art's Papp files if they are under his AppData. So if the security problem is to prevent other users running Qapp from accessing Art's Papp files then any directory under AppData will work.

But if the problem is with Art running Qapp (which could be malware and could be something Art didn't intentionally run), then some solutions are: 1) use a white list program that only allows authorized programs to run, 2) use a black list program (i.e. traditional anti-virus) that attempts to stop malicious programs like Qapp, 3) a hybrid approach where trusted programs run as Art and untrusted programs run as another, less privileged user or run in a sandbox.




Answer 2:


You should use the special folder typically referred to as AppData. This can be accessed in C# by calling Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData).

The description of ApplicationData is as follows on MSDN:

The directory that serves as a common repository for application-specific data for the current roaming user.

I have created a number of applications for financial services clients (i.e. highly restricted and locked down corporate desktop environments) that use this location and have not had any issues with creating temporary files there.

MSDN: Environment.SpecialFolder
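
An added example, not code from either answer: it creates an application-specific temp directory under the ApplicationData folder named in Answer 2 and gives it an explicit ACL for the current user only, which is the per-user boundary Answer 1 describes (it keeps out other users, not other programs running as the same user). It assumes .NET Framework 4.0+; the class name `PrivateTemp` is hypothetical and "Papp" is the sample application name from Answer 1.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class PrivateTemp
{
    // appName is an assumption: "Papp" is the sample app from Answer 1.
    public static string CreateDirectory(string appName)
    {
        // ApplicationData roams with the profile; LocalApplicationData is
        // the non-roaming equivalent if the files should stay on this machine.
        string root = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
            appName, "Temp");

        // Explicit ACL: full control for the current user only, inherited by
        // files and subfolders, with inheritance from the parent switched off.
        // SYSTEM and Administrators get no ACE, so services cannot read it.
        var security = new DirectorySecurity();
        security.SetAccessRuleProtection(true, false);
        security.AddAccessRule(new FileSystemAccessRule(
            WindowsIdentity.GetCurrent().User,
            FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None,
            AccessControlType.Allow));

        // The ACL is applied only to directories this call actually creates.
        Directory.CreateDirectory(root, security);
        return root;
    }

    public static FileStream CreateFile(string directory)
    {
        // Random name, CreateNew so an existing file is never reused,
        // FileShare.None so no second handle can be opened while it is in
        // use, DeleteOnClose so the file is removed when the stream closes.
        string path = Path.Combine(directory, Path.GetRandomFileName());
        return new FileStream(path, FileMode.CreateNew, FileAccess.ReadWrite,
            FileShare.None, 4096, FileOptions.DeleteOnClose);
    }

    static void Main()
    {
        string dir = CreateDirectory("Papp");
        using (FileStream fs = CreateFile(dir))
            fs.Write(new byte[] { 1, 2, 3 }, 0, 3);   // deleted on dispose
    }
}
```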



Source: https://stackoverflow.com/questions/35461721/how-to-securely-store-temporary-files-in-windows-especially-with-security-intru
