Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

Pathduck

pantera1989 wrote:

Is there no way to disallow the editor then?


I'm afraid the answer is no...

Let's suggest a scenario: A malicious user (I don't say you have any, just hypothetically :wink: ) want to edit files but you do not allow it in Winscp. So he downloads Putty, or some other ssh/sftp client, and uses that to log in, and then edit the files with vi, or any other editor. They could even use the built-in simple terminal in Winscp to do a substitution of what they want to change in the file, or create a custom command to do the same thing.

So basically, you can take care of permissions on your local site - but if the guys 'on the other side' won't cooperate and set read-only for the files there, there is no way to stop anyone editing them using any sort of workaround.

Even if you disable the editor, a user might be able to download to another location (local disk C: is available?) and edit it there.

If you want total control, take the user completely out of the equation and make a script to do the same thing, using for instance psftp or scripting in Winscp. That would be the best solution I think.


-P
pantera1989

martin wrote:

Pathduck wrote:

I think things such as these are best solved with correct access rights on the file system - read only for all files for instance, not a solution like this, which probably any user with a little computer knowledge can easily circumvent anyway.

Exactly. Thanks for answering.


I cannot limit this with read only rights as I don't control the other end where the files are obtained from. And locally they would need write rights to actually put the files there. The files are removed everyday, where new files are obtained the next day.

The scenario is this:

They retrieve files from a remote SFTP server and copy them to a local location. These files can be seen but not modified. They will be opened by a program to be processed. I have managed to disallow them editing the files while they are locally but I have no way to stop them from editing the files from the remote SFTP server because they can be edited with WinSCP itself.

Is there no way to disallow the editor then?
martin

Pathduck wrote:

I think things such as these are best solved with correct access rights on the file system - read only for all files for instance, not a solution like this, which probably any user with a little computer knowledge can easily circumvent anyway.

Exactly. Thanks for answering.
Pathduck

Hi,
I don't think there is a way to completely disable the internal editor - if you remove all editors, the internal and Notepad will always be back.

I think things such as these are best solved with correct access rights on the file system - read only for all files for instance, not a solution like this, which probably any user with a little computer knowledge can easily circumvent anyway.

-P
pantera1989

Remove/Disable Internal Editor

Hi,

Is there a way to remove/disable the internal editor completely? We need our users not to be able to modify files; only retrieve them.

I know it can be removed in Options, but it can easily be re-added. I was wondering if there is a way to permanently remove this feature.

Or maybe is there a way to password protect the Preferences?

Thanks,
Robert