Poor man's encrypted data

Dave Cragg dcragg at lacscentre.co.uk
Sat Apr 5 12:25:01 EST 2003


At 8:21 am -0800 5/4/03, Richard Gaskin wrote:
>For sending data across the net in a semi-secure format, can you think of
>any downsides to simply storing the data in custom props in a
>password-protected stack?

One possible downside is that, although the contents of the custom 
props will be encrypted, if someone is able to get the entire stack 
data, then with a copy of Rev/Metacard (the starter kit will do) you 
can still "get" the custom props. (Password-protecting only denies 
access to the scripts.)

In the past, I've tried storing "private data" in the script of an 
object to keep it secure. But this can run into problems with the 
scriptLimits if you want to distribute a tool that secures data for 
others to use.

Another method I used recently is to use a getprop handler to control 
access to those properties using a secret code.

For example, you would set the properties you want to secure in a 
custom property set.

E.g.

set the cSecuredata["PIN"] of stack "secureStack" to "1234"
set the cSecuredata["safeCombination"] of stack "secureStack" to "66l74r89l"

Then in the "secureStack" stack script, you would have a getprop 
handler like this:

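getprop cSecuredata[tKey]
   -- tKey arrives as "secretCode,propertyName"
   if item 1 of tKey is "mysecret" then
      -- code matches: return the stored value for the requested key
      return the cSecuredata[item 2 of tKey] of me
   else
      -- wrong or missing code: reveal nothing
      return empty
   end if
end cSecuredata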

Then to get the "PIN" property, you would have to do this:

get the cSecuredata["mysecret,PIN"] of stack "securestack"

Of course, only you would know that "mysecret" or whatever you choose 
is the secret code.

This should prevent access to those custom properties unless you 
actually know the secret code.

Cheers
Dave


