• State Not Answered
  • Replies 7 replies
  • Subscribers 60 subscribers
  • Views 1401 views
  • Users 0 members are here

Security issue concern

Luc Poulin
Offline

Hi All

I receive this request relate to security concern and IP protection

Basically I'm being ask how can we prevent a user accessing PW to take data out of ProjectWise in any ways.

Parents
  • 0 Offline

    Further to Kevin's reply, permissions within ProjectWise can get very complicated.

    Are you trying to stop someone accessing an entire datasource, or just a specific work area within the datasource? If it is just a specific work area, you will need to ensure that the permissions are explicit through the whole folder tree. If someone is specified as no access at a high level folder, but is in another group or list with access to a sub-folder, they will be able to see the files by way of a search.

  • 0 Offline in reply to Mick Inkster

    Hi Mick

    For the search I was aware of this, find it useful but never had a chance to really implement in production

    From the request I receive I decode this............  prevent from exporting, prevent to save as, prevent from copy-out/check out but at the same time allow client cache to be populate with an auto delete upon closing the document. Or hash the document in the local cache so it can be read only by an authorize client. The decrypt key will be set randomly in the admin panel and change every X minutes.

    I saw the captivate function that may seems to solve some issue, like prevent to save outside of ProjectWise ( If I read correctly)

    I could resume this to projecting/streaming the document on the screen, block the print screen so the only way to extract the data would be to take a picture of the screen...

    Has Kevin Highlight unless I know exactly the paranoia level people have  about the share information we distribute :-)    it will be hard to figure out the proper setup/configuration.

    Thank you for your in put. This is the type of feedback I as looking to help me build an idea of what is available and what can be configure

  • 0 Offline in reply to Luc Poulin

    Unless there is something that I have missed, you will not be able to fulfill that criteria. If you can open a file as read-only, you have the ability to export or save-as. Even a captive environment does not stop the ability to export. It may stop the save-as but only on certain programs.

  • 0 Offline in reply to Luc Poulin

    "prevent from copy-out/check out but at the same time allow client cache to be populate with an auto delete upon closing the document"

    This makes zero sense. Prevent from copy-out/check out means they can't open the file at all so you don't have to worry about the second part. You can prevent copy & check out by denying them access to the file altogether.

    "allow client cache to be populate with an auto delete upon closing the document" is not possible. In Projectwise you can have it delete the file (and references) on check in or free but not on close (you would be risking all the work they did if you could). 

    "Or hash the document in the local cache so it can be read only by an authorize client. The decrypt key will be set randomly in the admin panel and change every X minutes."

    This is not a feature of ProjectWise. You could turn on full disk encryption in your Windows but the user will always be able to read the file. Generally speaking full disk encryption is protection agains the hard drive/laptop being stolen, not protecting users of the machine from copying files. FDE is also a bit of a protection against people booting up a different OS on a USB stick or CD drive and reading the disk from the alternate OS.

    blocking print screen doesn't stop people with a phone with a camera on it, which is almost everybody. you also have to block printing because they can just print and walk out with the document. If they actually need to print then this isn't possible.

    The captive environment setting only works with software that is actually integrated with Projectwise. So Bentley software, most of Office 365 (but not all), some Autodesk, InDesign from Adobe (not even sure it works on that integration). And I'm not sure it's 100% coverage. For example the Backup command on MicroStation can cause a copy of the file be made into an arbitrary location. It doesn't even switch to the other file like a Save As... does. VBA can probably do something similar bypassing even that key-in.

    BTW, Something similar has been discussed before. I know Bentley had a DRM product at one time that might help but only with PDF files. It added DRM to the files so that even if the file were copied access could be blocked. I think this is no longer available?

    https://communities.bentley.com/products/projectwise/content_management/f/content-management-forum/80090/secure-document-proposal

     

  • 0 Offline in reply to Kevin van Haaren

    Thank's again Kevin DRM sound like something interesting, will keep that on my watch list

Reply Children
No Data

Communities
Support and Services
Training and Learning
Social Media