Dropbox Client Access Control (DCAC)




Problem?

Access to Dropbox Client cannot be password protected.
Dropbox has stated, in answers to multiple Dropbox forum questions, that the only way to control access to the Dropbox desktop application (Client) is to use user accounts (i.e. to secure a particular user account) or to use the security restrictions available in the operating system to restrict access to files and folders. In many cases (personal and business) this is either too complicated or not possible at all, so any user who has access to the computer has access to all options in the Dropbox Client (and therefore to all files and folders of that Dropbox account). Password protection for the Dropbox Client should not be too complicated for a company as important and capable as Dropbox, but it seems that their interests lie elsewhere. So a solution or workaround is needed.

Solution (well, sort of - and Windows only)

Dropbox Client Access Control is a way to password protect access to Dropbox Client.
Used in combination with Selective Sync (inside the Dropbox Client), it can provide controlled access to selected folders only, while protecting access to the Dropbox web account from the Dropbox Client and protecting access to the Dropbox Client preferences.

Access to the local Dropbox folder is possible regardless of this protection, via a double click on the Dropbox Client icon in the notification area. Therefore, if you need to control access to certain folders within the Dropbox account, combining DCAC with Selective Sync is a must. If controlling access to Dropbox preferences is the user's only goal, Selective Sync is not needed.

How secure is DCAC protection and how to remove it?

Dropbox Client Access Control is aimed at stopping an average or somewhat experienced user, but it is not meant to be absolutely secure (since it has to be removable by a power user).
It cannot be stopped simply by using Task Manager or the Windows Services applet from Control Panel, and it cannot be uninstalled using the Programs and Features applet from Control Panel (installation does not create an uninstall procedure).

However, power users know ways to uninstall Windows services. The services should be uninstalled and the processes stopped, and then the files can be deleted. This solution does not write entries to the Windows Registry or put files in Windows system folders, so uninstalling is simple: uninstall and stop the services and delete two folders (the application folder and the data folder).

If you need help removing DCAC, please use the e-mail contact below.

How to ...

Limit access to Dropbox Client preferences.
Install Dropbox Client Access Control. :)
Limit access to selected folders within Dropbox account.
The user should create separate folders for files that should and should not be accessible through the Dropbox Client on the user's computer. Then, using Selective Sync, the user should select which folders will be synced to the local computer. With access limited by Dropbox Client Access Control (DCAC), any user on the local computer will have access to the synced folders, but users will be prevented from accessing (and therefore altering) the preferences of the Dropbox Client. Folders that are not synced will not be accessible via the Dropbox Client.

Only the correct password allows a user to alter preferences, i.e. to select the folders to be synced and therefore made available to any user.

Technical details

Dropbox Client Access Control uses a combination of Windows services and a Windows application to control access to the Dropbox Client and its preferences.
DCAC uses two Windows services and one Windows Forms application.

The DCACAgent application monitors whether the user tries to start the Dropbox Client via a mouse click in the notification area. If it detects the Dropbox Client being started, it checks whether access was already granted. If access was not already granted, it asks the user for the password, and if the password is accepted it grants access to the Dropbox Client for 1 minute (the default access period of 1 minute can be changed to 5 or 15 minutes within DCACAgent). DCACAgent also provides an option to change the password, if needed.

The DCACService Windows service checks whether DCACAgent and the DCACGuardian Windows service are running and starts them if necessary. DCACGuardian checks whether DCACService is running and starts it if it is not. DCAC uses this technique to make it harder to stop its control over the Dropbox Client.

After the allowed access time has expired, DCACAgent will ask the user for the password again.

DCACAgent uses the PBKDF2 algorithm with 128000 iterations to create a salted password hash and uses a digital signature to verify the integrity of the XML file that stores the password hash. It also makes extensive use of SecureString to keep the visibility of the password during the application life cycle to a minimum.

Therefore, after you change the initial password it is practically impossible to recover the user's password (at least with current reasonable resources and without the secret knowledge of three-letter agencies). Please do not ask for help if a user has forgotten her/his password. The only solution is to remove DCAC and install it again.


The default minimum length for passwords is 9 characters. Please use best practices when creating your passwords: if your password is weak, the best protection in the world makes no sense.
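
A sketch of the storage scheme described above, as an added example (not DCAC's own code, which this page does not show): a salted PBKDF2 hash at 128000 iterations is kept in an XML record whose fields are integrity-checked before they are used. The hash function (SHA-256), the salt and hash sizes, the XML element names and the HMAC tag standing in for DCAC's digital signature are all assumptions.

```python
import hashlib
import hmac
import os
import xml.etree.ElementTree as ET

ITERATIONS = 128000   # iteration count stated on the page
MIN_LENGTH = 9        # default minimum password length stated on the page
# Assumptions (not from the page): PBKDF2-HMAC-SHA256, 16-byte salt, 32-byte
# hash, and an HMAC tag used here in place of a real digital signature.
INTEGRITY_KEY = b"constructed-demo-key"  # constructed sample key


def _tag(salt_hex: str, iterations: int, hash_hex: str) -> str:
    """Integrity tag over every stored field, so none can be swapped alone."""
    msg = f"{salt_hex}|{iterations}|{hash_hex}".encode()
    return hmac.new(INTEGRITY_KEY, msg, hashlib.sha256).hexdigest()


def make_record(password: str) -> str:
    """Return the XML record to store for a new password."""
    if len(password) < MIN_LENGTH:
        raise ValueError("password shorter than minimum length")
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, 32)
    root = ET.Element("credential")
    ET.SubElement(root, "salt").text = salt.hex()
    ET.SubElement(root, "iterations").text = str(ITERATIONS)
    ET.SubElement(root, "hash").text = digest.hex()
    ET.SubElement(root, "tag").text = _tag(salt.hex(), ITERATIONS, digest.hex())
    return ET.tostring(root, encoding="unicode")


def check_password(xml_text: str, candidate: str) -> bool:
    """Verify the record's integrity, then compare hashes in constant time."""
    root = ET.fromstring(xml_text)
    salt_hex = root.findtext("salt")
    iterations = int(root.findtext("iterations"))
    hash_hex = root.findtext("hash")
    # Reject the file before hashing if any stored field was altered.
    if not hmac.compare_digest(root.findtext("tag"), _tag(salt_hex, iterations, hash_hex)):
        raise ValueError("stored record failed integrity check")
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), iterations, 32)
    return hmac.compare_digest(digest.hex(), hash_hex)
```

The integrity check runs first because an unprotected file would let anyone with write access replace the stored hash with one for a password they know, or lower the iteration count.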

DCACService, DCACGuardian and DCACAgent write events to their log in the Windows Application and Service logs. The log can be viewed with Windows Event Viewer.

Initial password is "DCACADefaultPassword!=1" (without quotation marks).

Licence

Dropbox Client Access Control (DCAC) is freeware.

It is free for private and commercial use, but modification, re-distribution, reverse-engineering and any other usage declared prohibited in the End User Licence Agreement are prohibited without the author's explicit permission.

Dropbox Client Access Control (DCAC) is provided "as is", without any kind of warranty. You use it at your own risk.

The End User Licence Agreement (EULA) for Dropbox Client Access Control (DCAC) is available on this site (eula.txt), during installation of Dropbox Client Access Control (DCAC) and from the help menu after installation. Please read it before using DCAC software.

Contact

Please feel free to contact the author via e-mail regarding DCAC, for example concerning errors, modifications or expanding the features of DCAC.

E-mail for contact: dummy_email_for_web_crawlers




Download is near, finally :)

Initial password is "DCACADefaultPassword!=1" (without quotation marks).

PLEASE CHANGE INITIAL PASSWORD IMMEDIATELY AFTER INSTALLATION!


Current version 1.05
Change log is available here.
© PEM2 2017 - dummy_end_year