How to teach a client to request a password every time it starts?
To make the SeaDrive client request a password every time it starts, you need to disable the Automatic login setting for your account.
Here is how you can do it:
- Logout or Remove the Account: Right-click the SeaDrive icon in the system tray, select Accounts, and choose to Delete or Logout the current account.
- Log in again: In the login window, enter your server address, username, and password.
- Uncheck “Automatic login”: Before clicking “Login”, ensure that the Automatic login checkbox is unchecked.
Once this is done, SeaDrive will no longer save your session token across restarts and will prompt for your password every time the application is launched.
Important Note on Security:
Please be aware that requiring a password at startup only protects the connection to the Seafile server. Any files already cached locally on your hard drive (in the SeaDrive cache folder) may still be accessible to someone with access to your Windows user profile.
If you need to protect specific sensitive data, it is recommended to use Encrypted Libraries. These libraries require a separate password to “mount” and access, and you can choose not to save that password in the client.
For more details on SeaDrive settings, you can refer to the SeaDrive Client Manual.
1 Like
Thanks for the comprehensive instructions.
Are encrypted libraries not cached on the local drive?
Or are they cached, but encrypted?
My goal is to store the source files in an encrypted library in the cloud.
After launching the drive client, I plan to mount this library as a drive and work with it.
To answer your questions about how encrypted libraries interact with SeaDrive and local caching:
1. Are encrypted libraries cached on the local drive?
Yes, they are. Like regular libraries, SeaDrive downloads and caches the files you access from an encrypted library to your local hard drive so you can work with them.
2. Are they cached in an encrypted or decrypted state?
In SeaDrive, when an encrypted library is “unlocked” and mounted, the files are decrypted by the client and stored in the local cache in plain text (decrypted).
While Seafile provides “client-side encryption” for data transmission and server-side storage (meaning the server never sees your unencrypted data), the SeaDrive client must decrypt the files to make them accessible to your Windows applications. If someone has access to your Windows user profile and knows where the SeaDrive cache folder is located (usually under C:\Users\username\seadrive\data), they could potentially see the content of any files that have been recently opened or “pinned” (cached) there.
3. Regarding your security goal
Your plan to store source files in an encrypted library is excellent for protecting data from server-side leaks or unauthorized access by server administrators. However, for local protection:
- When the library is NOT mounted: The files are not visible as a drive, but any previously cached data remains in the local cache folder.
- Recommendation: If your primary concern is someone gaining physical access to your computer or your Windows profile, the best solution is to use Windows BitLocker or another full-disk encryption tool to encrypt your entire hard drive. This ensures that the SeaDrive cache (along with all other local data) is protected when the computer is off or the user is logged out.
Alternatively, you can manually clear the SeaDrive cache via the client settings if you have been working with particularly sensitive files, though this is less convenient than disk encryption.
1 Like