The ability to password protect individual projects

NotCharlieKaufman

Wed Mar 07, 2018 1:51 pm Post

KB wrote: Yes, Katherine and popcornflix have hit the nail on the head. We do get frequent requests to password-protect Scrivener projects, but it's not like password-protecting a single file such as a Word document, which can be encrypted. As Katherine and popcornflix point out, a Scrivener project is not a single file but a folder full of many files. That entire directory would need encrypting, and it would need decrypting on read. That is far from simple. Would each file be decrypted as it was needed? Or would an entire (possibly huge) project directory be encrypted and have to be decrypted as a whole on project open?


This may be worth some more research, as I think this could be easier than you surmise. Pages has the same multi-file package structure as Scrivener and provides transparent encryption by simply packaging as an encrypted ZIP archive.

Files in an encrypted ZIP archive can be listed without the need to decrypt every file, so there is no barrier to Scrivener's existing functionality. Scrivener can ask for the password to an encrypted project upon open, then decrypt individual documents on the fly as they are accessed, fitting with its existing memory management model.

A quick search on Apple's developer site reveals an example app for browsing ZIP archives without unarchiving: https://developer.apple.com/library/content/samplecode/ZipBrowser/Introduction/Intro.html

Basically if Scrivener reads its folder structure as a ZIP archive you get encryption for free, and smaller disk footprint. This may also solve your issues with iCloud sync.
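
The listing behaviour described in the post above, as an added example (not from the thread, and not how Pages or Scrivener store files): it builds a small password-protected archive with the legacy ZIP password scheme (ZipCrypto, chosen only because it fits in a few lines), then shows that member names and sizes can be read without the password while the contents cannot. The file names, contents and passphrase are constructed.

```python
import io, os, struct, zipfile, zlib

DOS_DATE = ((2018 - 1980) << 9) | (3 << 5) | 7  # constructed date: 2018-03-07
SAMPLE = {"draft/chapter-01.rtf": b"It was a dark and stormy night.",
          "notes/ending.txt": b"The narrator did it."}  # constructed project files

def _crc_step(reg, byte):
    # Advance the raw CRC-32 register by one byte (undoing zlib's inversions).
    return zlib.crc32(bytes([byte]), reg ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

def zipcrypto_encrypt(password, data, check_byte):
    k0, k1, k2 = 0x12345678, 0x23456789, 0x34567890
    def update(b):
        nonlocal k0, k1, k2
        k0 = _crc_step(k0, b)
        k1 = ((k1 + (k0 & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        k2 = _crc_step(k2, k1 >> 24)
    for b in password:
        update(b)
    out = bytearray()
    # 12-byte encryption header (11 random bytes + check byte), then the data.
    for b in os.urandom(11) + bytes([check_byte]) + data:
        t = k2 | 2
        out.append(b ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(b)
    return bytes(out)

def build_encrypted_zip(files, password):
    body = central = b""
    for name, data in files.items():
        fn, crc = name.encode("ascii"), zlib.crc32(data)
        enc = zipcrypto_encrypt(password, data, crc >> 24)
        # Fields shared by the local and central headers; flag bit 0 = encrypted.
        meta = struct.pack("<HHHHHIIIHH", 20, 0x1, 0, 0, DOS_DATE,
                           crc, len(enc), len(data), len(fn), 0)
        central += (struct.pack("<IH", 0x02014B50, 20) + meta +
                    struct.pack("<HHHII", 0, 0, 0, 0, len(body)) + fn)
        body += struct.pack("<I", 0x04034B50) + meta + fn + enc
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(files), len(files),
                       len(central), len(body), 0)
    return body + central + eocd

def listing_without_password(blob):
    zf = zipfile.ZipFile(io.BytesIO(blob))
    listing = [(i.filename, i.file_size) for i in zf.infolist()]
    try:
        zf.read(listing[0][0])          # no password supplied
        needs_password = False
    except RuntimeError:                # zipfile refuses encrypted members
        needs_password = True
    return listing, needs_password
```

For a writing project the member names and sizes are themselves metadata: chapter titles and document lengths stay visible to anyone who can copy the archive.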

KB
Site Admin
Posts: 20607
Joined: Tue Jun 13, 2006 11:23 pm
Platform: Mac
Location: Truro, Cornwall

Wed Mar 07, 2018 3:00 pm Post

A zipped package would not work for Scrivener at all. Programs that use zip files - such as Pages and Word - are able to do so because they read the entire file into memory and load and write the entire file out to disk on save. Scrivener does not do this, but instead reads each file as it needs it and writes each file inside the package without affecting any other files. This reduces the chance of corruption and allows for large projects.

The code you link to is very old and uses deprecated APIs; even so, it could only show the contents of a zip file, not manipulate them on the fly. There are no frameworks or technology on the Mac that allow you to work with files inside a zip file directly. The only way would be to extract a file to a temporary location and write it back into the zip file occasionally, which is not optimal and would break many things in Scrivener. It would also increase the risk of corrupted projects, because a bad write to the zip file could result in a corrupt zip file and thus a lost project, something that could never happen with the current folder structure approach.

Using a zip package is something we have thoroughly explored (the above is just a snapshot of a couple of the problems involved - it goes much deeper) but I'm afraid it is just not a viable option for Scrivener.

All the best,
Keith
"You can't waltz in here, use my toaster, and start spouting universal truths without qualification."

NotCharlieKaufman

Wed Mar 07, 2018 3:37 pm Post

Well darn. I appreciate the clarification though!

mitheshge
Posts: 1
Joined: Sun Dec 16, 2018 5:49 am
Platform: Mac + Windows

Sun Dec 16, 2018 6:05 am Post

How about password protecting the whole application? Like, use a Master password for the Scrivener application instead of password protecting individual projects. I would also like the password protect feature. It is a little difficult when someone shares their laptop with someone else. For example, a friend or even a family member.

Amcmo
Posts: 237
Joined: Sun Feb 10, 2013 7:59 am
Platform: Mac, Win + iOS
Location: Sunshine Coast Australia

Sun Dec 16, 2018 9:01 am Post

I haven’t tried it specifically with Scrivener, but with the Mac APFS file system (High Sierra and later) it’s easy to generate an additional volume on a disk (Disk Utility). Beauty is it can be individually password protected and unlocked either at boot, or by mounting. It co-exists with the normal Mac volume and size adjusts as needed. No need to mess around adding partitions. I use this feature to lock specific work-related confidential info on the encrypted volume. The apps are all in the usual place, just the data folders reside on that volume. Due to the confidentiality and corporate rules on handling data on non-company-owned equipment I mount the volume to work on those files, then unmount on close.

Not aware of same functionality built in to Win, though do recall using a 3rd party program to dynamically manage partitions. Way back in the Win dark ages.

Don’t quote me, but in 40+ years in computers I don’t recall a password protect for launching an app.

mbbntu
Posts: 1039
Joined: Wed Aug 01, 2007 9:44 am
Platform: Mac + iOS
Location: Cambridge, UK.

Sun Dec 16, 2018 11:22 am Post

With a Mac that is being shared I would have thought that the easiest thing would be for each user to have their own account on the computer -- one administrator and one or more guest accounts (each person has their own password for using their account). I've never done it for sharing, but I've set up guest accounts to test things. Don't remember all the details, but it was pretty easy.
You should judge people not by how close they get to the top, but by how far they have come from the bottom. Some people have a mountain to climb just to get to the place where others start out. (Me, 2010)

xiamenese
Posts: 3776
Joined: Mon Jan 29, 2007 1:32 am
Platform: Mac
Location: London or Exeter, UK.

Sun Dec 16, 2018 6:12 pm Post

mbbntu wrote: With a Mac that is being shared I would have thought that the easiest thing would be for each user to have their own account on the computer -- one administrator and one or more guest accounts (each person has their own password for using their account). I've never done it for sharing, but I've set up guest accounts to test things. Don't remember all the details, but it was pretty easy.

That’s what I’d do too. It’s very easy: System Preferences > Users and Groups, click the lock and enter your administrator password to unlock the system, then click the + button and proceed.

Mark
The Scrivenato sometimes known as Mr X.
rMBP 13" (early 2015) 10.14.3, 8GB RAM, 512GB SSID
MBP17" (late 2011) 10.13.6, 8GB RAM, 512GB SSID
2017 iPad, iOS 12.1.1, 128GB, Apple Pencil
Scrivener, Scapple, Nisus Writer Pro, Bookends …

kewms
Posts: 4451
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Sun Dec 16, 2018 7:22 pm Post

Yes, using separate accounts is the way to do it. You could also put your Scrivener projects (and their backups!) on an external disk and physically remove the disk from the computer when you aren't using it.

Generally speaking, sharing a computer that has confidential data with untrusted people is a bad idea. You'll want to think about exactly why you want to keep the data confidential, how curious the other people using the computer are likely to be, and what the consequences of a data breach would be.

Katherine
Scrivener Support Team

Amcmo
Posts: 237
Joined: Sun Feb 10, 2013 7:59 am
Platform: Mac, Win + iOS
Location: Sunshine Coast Australia

Mon Dec 17, 2018 2:38 pm Post

Yes, I thought about the different users, however know from experience of too many instances, someone forgets to log off and it’s open to everyone to have a play, plus if you make the mistake of having two users with elevated permissions it’s easy to grant oneself access to others’ folders.

Mind you, similar applies if you forget to unmount the volume in my example.

Not a great fan of relying on removable media as primary storage as they are open to misplacing, and of course pays to password protect and remember to take with you every time.

Katherine’s final point is perhaps key. Nothing quite as effective as ‘It’s mine - go play with your own’

rdale
Posts: 1429
Joined: Tue Jul 14, 2015 1:07 pm
Platform: Mac, Win + iOS
Location: St. Louis, MO

Mon Dec 17, 2018 3:36 pm Post

Amcmo wrote: Yes, I thought about the different users, however know from experience of too many instances, someone forgets to log off and it’s open to everyone to have a play, plus if you make the mistake of having two users with elevated permissions it’s easy to grant oneself access to others’ folders.

The solution is to only have one trusted user (you?) be the only administrator on the computer. Everyone else is locked into certain settings, such as having the screen lock after X minutes of inactivity so nobody can directly gain access to the previous user's data unless they rush to take the empty seat.

I do like the idea of creating encrypted volumes (maybe even just one per project), which can then be synced with less risk of a data breach on a cloud service. This is something that Macs do pretty well, and I recommend anyone interested in encrypting their projects to look into that as a general-purpose way of encrypting folders of any size.

As for the up-stream suggestion of encrypting the application; that won't prevent someone from just copying the project (most documents live outside of the application that creates them) and then opening it on another computer. Nor will it even prevent someone from just viewing the contents of the project (which is just a folder with files in it, by the way) using a standard word processor, though it won't be organized in an easily navigable way.
FKA: robertdguthrie
AKA: R Dale Guthrie, Robert, Mr. Obscure, and "Oh, it's you again".

PWR
Posts: 21
Joined: Tue Oct 02, 2018 8:41 am
Platform: Mac

Fri Dec 21, 2018 4:48 pm Post

You guys are all overthinking this. I'm pretty sure recent versions of macOS have FileVault enabled by default, which means that your home folder (and all files therein) is encrypted with your login password. The idea of encrypted individual files or folders on an already encrypted volume is a bit pointless. Just remember to close your laptop.

Contrary to what someone said, it is not possible for another user with admin privileges to access your home folder without your password. It's encrypted.

Edit: FileVault 2 (released with Mavericks) changed the encryption behaviour from home folder to disk-level, so anyone with permission to unlock the disk can see your home folder, and admins can change the permissions to allow read/write access (which seems like a step backwards in security to me...).

That said, absolutely never upload anything of value to Dropbox. All files on Dropbox's servers are encrypted with a single private key. Google the ramifications of this. (Personally I find the baked in use of Dropbox to tarnish the image of Scrivener.)
Last edited by PWR on Sat Dec 22, 2018 3:47 am, edited 1 time in total.

kewms
Posts: 4451
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Fri Dec 21, 2018 5:29 pm Post

PWR wrote: Contrary to what someone said, it is not possible for another user with admin privileges to access your home folder without your password. It's encrypted.

It is possible for a user with admin privileges to change another user's password, though. Which doesn't help casual snoops -- you'll know your password's been changed, so you'll know someone was snooping -- but is a reason not to store confidential data on systems controlled by other people.

Katherine
Scrivener Support Team

Amcmo
Posts: 237
Joined: Sun Feb 10, 2013 7:59 am
Platform: Mac, Win + iOS
Location: Sunshine Coast Australia

Sat Dec 22, 2018 8:52 am Post

Actually there is a way for an admin user to give themselves access to another user’s folder.

I’ll refrain from explaining.

And of course if someone has root level access....

PWR
Posts: 21
Joined: Tue Oct 02, 2018 8:41 am
Platform: Mac

Sat Dec 22, 2018 5:12 pm Post

Amcmo wrote: Actually there is a way for an admin user to give themselves access to another user’s folder.

Yeah I'd not kept up on the changes to FileVault. It used to encrypt a user's home folder. Hmph.

kewms
Posts: 4451
Joined: Fri Feb 02, 2007 5:22 pm
Platform: Mac

Sat Dec 22, 2018 8:31 pm Post

PWR wrote: Edit: FileVault 2 (released with Mavericks) changed the encryption behaviour from home folder to disk-level, so anyone with permission to unlock the disk can see your home folder, and admins can change the permissions to allow read/write access (which seems like a step backwards in security to me...).

In corporate environments, this meets two requirements:
1. The IT department can help a user who forgets their password. They can also lock out a user more easily in the event that the password is compromised or the user is fired.
2. The user can't hide bad behavior from the company as easily.

"Step backward in security?" Not really. You shouldn't be keeping your own confidential data on a system that you don't personally control anyway. And if you *do* control the system, you shouldn't be giving admin access to people you don't trust.

Katherine
Scrivener Support Team