Security via Sandboxie and naming obscurity

[Edward-US]

Looking for feedback on my security implementations. Very impressed with the program.

My Setup
My set up has HFS running on a subdomain of my site: ie transfer.mysite.com
It runs on a Windows Storage Server 2008 essentially win server 2008
The storage server shares a folder called transfer that all users on the network can access via a mapped drive that is T: for them. Transfer has 2 folders: Download and Upload.
On HFS, it hosts the Transfer folder as a real folder. 
Thus when any user on the network places a file in t:\downlaods\ HFS shares it.


HFS runs in Sanboxie on the Storage Server. My thinking is that if some exploit is found and used against me the attacker will be limited to the sandboxed conditions. I know its possible an exploit may come along and they  may be able to read other files hosted via an exploit but as far as writing any file except in the upload folder, compromising the OS or accessing anything else on the network (sanboxie completely restricts HFS from accessing network shares and other certain local folders that may be sensitive.) 

My other security measure that covers access to other files is obscurity, by having users place files in long folder names and to mask the root folder of all of them with a random string so that ppl cannot 'browse' and see other folders, they can only see the files of the folder they are in (but not its subdirectories). Thus If I give someone a link http://transfer.mysite.com/downloads/ShareA876g4783202/ they can only see the files in that folder and not even its sub directories.
If they got snoopy and went to http://transfer.mysite.com/downloads/ they would  see no files because that folder only contains folders (no loose files) and the folders are masked so they don't see anything
My thinking is that if they wanted to access another folder I share they would have to guess what it is.

Since my set up involves users not on the HFS PC placing files via windows file share into folders that HFS hosts, they do not have practical access to the HFS program interface to always set passwords and username for the folders they create. See http://www.rejetto.com/forum/index.php/topic,10803.0.html for more on my settup with users not on the HFS pc.
Thus by prohibiting the viewing of folders through a mask that is a random string and doesnt match any actual folder name and making it difficult to guess the names of other folders I figure I am pretty secure.

One big concern would be if a public user could turn the mask off.

Thanks

[rejetto]

i think your setup is ok.

only doubt that came to my mind if i could find your folder names by searching, but just tried and no result came.

[Edward-US]

What about archive and file listing? I am now using the beta 2.3
I just realized that if I add ~files.lst?recursive to any folder, including, the root it shows everything!!

Same with ~folder.tar?recursive which would download everything.

Can these two features be disabled?

[raybob]

use hfs.events with something like this: (this will block all archives and file lists)

[request]
{.if|{.count substring|mode=archive|{.substring|?||%url%.}.}{.count substring|~folder.tar|{.substring||?|%url%.}.}{.count substring|tpl=list|{.substring|?||%url%.}.}{.count substring|~files.lst|{.substring||?|%url%.}.}|{:{.redirect|~deny.}{.break.}:}.}

[Edward-US]

Very cool. That worked, thanks.