Securing Inquisit in a networked environment


Author
Message
lakeside
lakeside
Guru (6.8K reputation)Guru (6.8K reputation)Guru (6.8K reputation)Guru (6.8K reputation)Guru (6.8K reputation)Guru (6.8K reputation)Guru (6.8K reputation)Guru (6.8K reputation)Guru (6.8K reputation)
Group: Forum Members
Posts: 34, Visits: 121
We are testing Inquisit within a closed network where identical client machines read tasks from and write data to a networked server. Right now we are trying to ensure a respondent will not have access to data files on the network but will still be able to write to the network. How have others handled this scenario?

We've restricted directory permissions to Write Only but, when a task is started, Inquisit writes a blank file. At the end of the session, Inquisit then needs to open the file again to write data. Under Write Only, Inquisit cannot add data to the file - I assume because it needs Read access as well.

Dave
Dave
Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)Supreme Being (1M reputation)
Group: Administrators
Posts: 12K, Visits: 83K
Simply denying the respective user the 'read' permission for the respective folder should work just fine.

Suppose you have a folder called 'data' that you write to and a user called 'inquisit_user' whose account you execute Inquisit under. Then setting
https://www.millisecond.com/forums/uploads/images/ca8fbd3c-8489-4484-8de4-f3a4.png

and doing e.g.

<data>
...
/ separatefiles = true
/ file = "[INSERTPATH]\data\raw.iqdat"
</data>

should write files just fine while making it impossible for the user to view the written data.

Edited 8 Years Ago by Dave
seandr
seandr
Supreme Being (136K reputation)Supreme Being (136K reputation)Supreme Being (136K reputation)Supreme Being (136K reputation)Supreme Being (136K reputation)Supreme Being (136K reputation)Supreme Being (136K reputation)Supreme Being (136K reputation)Supreme Being (136K reputation)
Group: Administrators
Posts: 1.3K, Visits: 5.6K
The important piece to Dave's solution is the /separatefiles=true command. This causes Inquisit to write new files for all participants (which can be merged using the Inquisit Merge Data Files command on the File menu). Otherwise, Inquisit must first read the file before appending data to it.

Note - Inquisit will try to run a validation check on the saved data to make sure matches the original, and that's going to fail without read access, so you might end up seeing some error messages, although you can ignore them.

-Sean
GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Reading This Topic

Explore
Messages
Mentions
Search