I am building a small piece of software for a laboratory. Tests are requested, laboratory technicians perform the tests and enter the results, and the software creates reports, converts them to PDF, and saves them on the server in a folder called archive, so that when doctors log onto the software, they can see the files in a form with a grid in it. The files can be opened only from that form.
Everything works fine, but I need to restrict the access to the file called archive so that users cannot access it manually. I only need my software to be able to access it.
So what I intend to do is that once the client software logs onto the server software, I want the server software to send a username and password to the client software that remains hidden from users. Because only the client software should be able to create, delete, and change files in the archive folder located on the server.
How can I put a username and password on that file? Do I need to create an account on the server? Or is there another way to do this?
I would recommend against working with passwords. You don't wish to store them, handle changes and risk them getting out. If something is available to the client program, it's generally available to the users. You can't trust the client or the user.
Why not let the server have access to the folder? Don't give users any permissions on the archive folder but have the client send the files to the server (by adding this option to the server's API). The server can validate the user as legitimate (using your own authentication and authorization, if you have any) and that the files appear OK and then place them inside the Archive folder. That way only the user running the server process has access to the folder and you don't have to mess around with passwords and accounts.
Another idea, if you do not wish to change the API with the server too much: create another folder, which users will have access to. The client will upload the files to this folder. The server could scan the folder periodically or get notified about the file from the client, check the file and move it to the protected Archive folder.
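
The server-side handling described in the answer above, covering both the API variant and the drop-folder variant, as an added example that is not part of the original post. The role names, size limit, file-name pattern and function names are assumptions; the PDF check is a basic sanity check on the file's header and trailer.

```python
import os
import re
from pathlib import Path

MAX_BYTES = 10 * 1024 * 1024                          # assumed size limit
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.pdf")   # assumed naming scheme
WRITE_ROLES = {"technician"}                          # assumed role model

class Rejected(Exception):
    """Upload refused by a server-side check."""

def _store(archive: Path, name: str, data: bytes) -> Path:
    # Name check blocks "../", absolute paths and non-PDF extensions.
    if not SAFE_NAME.fullmatch(name):
        raise Rejected("bad file name")
    if len(data) > MAX_BYTES:
        raise Rejected("too large")
    if not data.startswith(b"%PDF-") or b"%%EOF" not in data[-1024:]:
        raise Rejected("not a PDF")
    # O_EXCL refuses to overwrite an existing report. Mode 0o600 is POSIX;
    # on Windows the ACL on the archive folder does that job.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_BINARY", 0)
    target = archive / name
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target

def archive_upload(archive: Path, role: str, name: str, data: bytes) -> Path:
    """API variant: the server authorizes the caller, then writes the file."""
    if role not in WRITE_ROLES:
        raise Rejected("role may not write")
    return _store(archive, name, data)

def sweep_dropbox(drop: Path, archive: Path) -> list:
    """Drop-folder variant: move valid files into the archive, discard the rest."""
    moved = []
    for entry in sorted(drop.iterdir()):
        if entry.is_symlink() or not entry.is_file():
            continue                                  # ignore links and directories
        with entry.open("rb") as fh:
            data = fh.read(MAX_BYTES + 1)             # bounded read
        try:
            _store(archive, entry.name, data)
            moved.append(entry.name)
        except (Rejected, FileExistsError):
            pass                                      # rejected: not archived
        entry.unlink()
    return moved
```

In both variants only the account running the server process needs write permission on the archive folder; the client never holds a credential for it.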