Re: Protecting XML File While Displayed In Browser
From: Ayende Rahien (Ayende_at_nospam.com)
Date: 04/30/04
- In reply to: John Bowman: "Re: Protecting XML File While Displayed In Browser"
Date: Fri, 30 Apr 2004 01:18:36 +0200
If I really want, I'll just use GetRight or (easier) Firefox and save
anything you send me.
It's not nice, but I can do it.
Even easier, just use Fiddler to watch the HTTP traffic and save the log
and then edit it.
You can't forbid the user from editing your content, but you *can* make
it impossible to fake your document.
Add the digital signature as part of the visible document, call it
Authenticity signal, and then the user can edit the document, but without
your private key, it's obvious that this is a fake.
John Bowman wrote:
> Shawn,
>
> Thanks for the feedback. The issues you raise are the same as what our team
> has been grappling with. I think I may have worked out a work around, albeit
> rather round about. Basically, if I create a form that has a hidden
> WebBrowser control whose code calls its navigate method, and it navigates
> to the temp XML file, then delete the temp XML file, then pass the document
> object from the hidden browser control to a 2nd WebBrowser control (that is
> visible for display purposes), which first navigates to "about:blank:" then
> sets its body to the innerHTML of the hidden control. Voila, the results
> appear in the visible control and cannot be edited in any way. Then a simple
> "Print" button on the form can print the displayed results "in all their
> glory", so to speak <g>. The displayed results never show the temp file spec
> and the visible web browser control has no UI navigation abilities (it's
> nothing but a viewer) and the temp file is gone before they could ever see
> the data and therefore cannot be tampered with. I also need to disable the
> right click popup menu on the visible web browser control, but that's doable
> too. Seems kind of painful, but I've managed to make a prototype work this
> way.
>
> John
>
>
> "Shawn Farkas" <shawnfa@online.microsoft.com> wrote in message
> news:2HI%23QZYLEHA.3064@cpmsftngxa10.phx.gbl...
>
>> If you're sending data to the user in IE, there's nothing I'm aware of
>> that will protect it before printing. There may be an IE plugin somewhere
>> that will provide this functionality for you, but by default there's
>> nothing you're going to be able to do.
>>
>> Even if your signature was enforced, that wouldn't solve the overall
>> problem of ensuring the printed data is from your original source. If the
>> user modified the data, and the signature failed to validate, once you've
>> printed it, the signature is lost, so you have no way to know that it's
>> invalid (unless you print a special mark for "invalid document").
>>
>> Assuming you had some way to protect the data all the way to the printer,
>> once it's been printed out you have a whole new set of problems. If
>> someone is really determined to fake the data, what's going to prevent
>> them from scanning it into the computer, and using Photoshop or some
>> other application and digitally modifying the document, then printing it
>> out again?
>>
>> This is a pretty difficult problem to solve, I can't think of any good
>> solution off hand, but perhaps some other readers of this newsgroup have
>> suggestions.
>>
>> -Shawn
>> http://blogs.msdn.com/shawnfa
>>
>> --
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> Note: For the benefit of the community-at-large, all responses to this
>> message are best directed to the newsgroup/thread from which they
>> originated.
>> --------------------
>>
>>>From: "John Bowman" <<Remove this before reply> john.bowman@thermo.com>
>>>Subject: Protecting XML File While Displayed In Browser
>>>Date: Wed, 28 Apr 2004 07:38:14 -0500
>>>
>>> Hi,
>>>
>>> I'm hoping this is the right place to post this Q. So if it's not, please
>>> direct me otherwise.
>>>
>>> I've got a simple win forms app (C#) I've been asked to modify that
>>> generates numerical scientific data as XML and displays it in a grid
>>> control. The user is allowed to generate a report of the data. To do
>>> this, a temp XML file containing the portion of the results to display is
>>> apparently generated and loaded into the default browser using a style
>>> sheet to make it look pretty. This is where the user would normally print
>>> his/her results. Here's the problem. The XML data file is digitally
>>> signed, so when the browser is loaded w/ the temp XML file, the user could
>>> technically modify the data (through View Source, or any other text
>>> editor) while it's open in the browser, then print it in a modified form
>>> and no one would ever know that the results had been modified for printing
>>> purposes. This of course defeats the digital signature. Is there any way
>>> to "protect" the temp file that is loaded into the browser such that NO
>>> alterations can be made to it between the time it is loaded into the
>>> browser and the user chooses to print the displayed results?
>>>
>>> I'm afraid I'm such a newbie at digital signature stuff that I'm not even
>>> certain what approach to take here. Is there some other much more "safe"
>>> approach to displaying and printing signed XML data? The above approach
>>> certainly has its holes.
>>>
>>> TIA,
>>>
>>> --
>>> John C. Bowman
>>> Software Engineer
>>> Thermo Electron Scientific Instruments Div.
>>> <Remove this before reply> john.bowman@thermo.com
>>
>>
>
>
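The suggestion in the reply above (print the signature as a visible part of the report) as an added C# example; it is not code from the thread or from the application discussed. The class name `SignedReport`, the row names and the fixed four-decimal canonical form are assumptions made for illustration, and the key is a throwaway generated for the demo.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SignedReport   // hypothetical name, not from the thread
{
    // Canonical text of the displayed values: ordinal-sorted, invariant culture, fixed
    // precision, so re-keying the printed numbers reproduces the exact signed bytes.
    // Assumes row names contain no '=' or newline.
    static byte[] Canonical(IDictionary<string, double> rows) =>
        Encoding.UTF8.GetBytes(string.Join("\n", rows
            .OrderBy(r => r.Key, StringComparer.Ordinal)
            .Select(r => r.Key + "=" + r.Value.ToString("F4", CultureInfo.InvariantCulture))));

    // Producer side: needs the private key. The result is printed in the report body.
    public static string Sign(IDictionary<string, double> rows, RSA privateKey) =>
        Convert.ToBase64String(privateKey.SignData(
            Canonical(rows), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));

    // Checker side: needs only the public key plus what is visible on the page.
    public static bool Verify(IDictionary<string, double> rows, string printedSig, RSA publicKey)
    {
        try
        {
            return publicKey.VerifyData(Canonical(rows), Convert.FromBase64String(printedSig),
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
        catch (FormatException) { return false; } // signature line mangled or mistyped
    }

    static void Main()
    {
        using var signer = RSA.Create(2048);      // throwaway key for the demo
        using var checker = RSA.Create();
        checker.ImportParameters(signer.ExportParameters(false)); // public half only

        // Constructed sample data, not from the thread.
        var rows = new Dictionary<string, double> { ["Absorbance"] = 0.8312, ["Wavelength_nm"] = 540 };
        string sig = Sign(rows, signer);
        Console.WriteLine("Authenticity signature: " + sig);
        Console.WriteLine("Untouched report verifies: " + Verify(rows, sig, checker)); // True

        rows["Absorbance"] = 0.9312;              // value edited before printing
        Console.WriteLine("Edited report verifies:    " + Verify(rows, sig, checker)); // False
    }
}
```

The signature covers the values as displayed rather than the XML file's bytes, which is what lets someone holding only the printout and the public key repeat the check.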